On Sat, 2006-02-11 at 11:42 -0800, Dave Crocker wrote:
>
> The power of the current, simple 2-state model cannot be
> overestimated, in my opinion. We need to keep in mind that this is a
> mechanism for transit validation, rather than something with broader
> scope.
>
> There are myriad, clever enhancements that could be made to DKIM's
> functionality. We need to firmly resist the temptation to pursue any
> of them at this stage... unless there is a compelling argument for
> *immediate* community need.
>
> After the first IETF version of DKIM is issued as a standard, we can
> consider all of those fascinating enhancements.
>
> Right now, the urgency is for a basic, standard mechanism that works.

Agreed. Threat analysis should not be as constrained, however. Noted problems and possible defensive strategies may help ensure future options are not circumvented or otherwise prevented. This may also set the proper expectations for what DKIM can and cannot safely provide. Until the limitations and defensive strategies for DKIM are better explored, implementers may not have anticipated the impact and become disappointed. Working out the problems within the WG, at least on paper, also seems to ensure these solutions can remain in the public domain.

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html
