On Tue, Nov 01, 2005 at 07:11:45PM -0800, Douglas Otis allegedly wrote: > > Perhaps yes. Perhaps as an option. Perhaps not. > > Remains to be proven IMO. > > Tripp Cox of Earthlink should be able to clarify this issue based > upon their deployment experience of DomainKeys.
As I recall, the issue was very specific to the arbitrary insertion of 2822.Sender and the impact that caused on certain UAs that render Sender. The change in behavior at the recipient end was their sole concern. The insertion of Sender was a function of an implementation compromise for their particular scenario of an ISP that services many vanity domains, but which didn't want to (or couldn't) put keys into all the relevant domains. Such a compromise is a non-problem for most domains - particularly high-value domains, so it's hardly a fundamental or universal issue. Furthermore, the problem has nothing to do with binding, it has nothing to do with the underlying technology and perhaps surprisingly, their concerns are not solved by opaque-identifiers. Rather, it solely has to do with the UA impact of inserting 2822.Sender. The outcome of which is to suggest that arbitrary insertion of Sender for out-of-domain signatures (which I think people are calling 3rd-party signatures) is not a good choice in the DK spec. Based on their experience, I'm inclined to agree with that. What Earthlink were attempting to do was, in effect, implement a third-party signature and DK does not specify that well, nor does it offer a policy rich enough to make that clear to verifiers. To my mind that means that DKIM needs to do a much better job of that, not that it can't be done. That Earthlink made the effort, took the risk and gave us the opportunity to learn, speaks to me more than much of the prognostication-in-a-vacuum that is going on here. Serious players are ready to try this technology. Serious players are ready to make mistakes. Serious players want to work to get this right. Is this group helping or hindering that process? As a final note, I see that Earthlink are still signing a lot of outbound email with DK, so whatever concerns they have, have not caused them to abandon the effort. Mark. _______________________________________________ ietf-dkim mailing list http://dkim.org
