Doug replied to Frank:

>> Step 4 means "DKIM working as designed", it's a feature
>> and no bug.

> Break everything is a feature? Limit email-addresses to a single
> provider is a feature?

It doesn't break everything, and even then, yes, it's a feature; breaking means the DKIM exclusive policy security was violated.

If the high-value domains do not want their domains to be used outside their distribution with no expectation for middleware tampering, they should not be using the domain outside this protective shell. Once they do, the sharks will eat it up (protection is lost).

If a domain doesn't care how their mail gets distributed, gets signed, resigned, stripped or otherwise, then their expectation for security and protection is unrealistic.

In addition, any presumption that *all* vendors and operators will endure potentially high payload overhead in the name of wasteful DKIM processing is also unrealistic.

SENDER-ID suffered the same poor technical merits of not providing a high-payback value for blindly accepting payloads and performing extra processing.

You got to provide a very good reason and show a payback value to ACCEPT a PAYLOAD for DKIM processing. I see the high payback potential with DKIM.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
ietf-dkim mailing list
http://dkim.org
