On Sat, Apr 01, 2006 at 05:16:17PM -0500, [EMAIL PROTECTED] allegedly wrote: > Many folks use edge devices that look/act like an mta but is antispam/av > oriented. Dropping a dkim plugin should be no more dificult that deploying a > new av engine.
Are you talking about signing or verifying or both? Have you actually done this or are you speculating about the ease? Are you considering key management and DNS rollout in your claim about "no more difficulty" or are you ignoring that aspect? Have you considered any need to authenticate submitters or is that irrelevant? If folk here are thinking that DKIM is a mere matter of adding a plugin to existing infrastructure they are sadly mistaken. And to justify protocol designs on that assumption are also mis-guided and narrow-minded. The people I've been been working with have actually been deploying this stuff on a large scale with a large number of participants for a number of years. They have *all* had to deploy new s/w and new processes to participate. No exceptions. That this group contains a number of folks who are capable of running their tiny infrastructure as a DKIM experiment does not constitute the Internet reality. As a group we should be very wary of their disproportionate influence simply because such folk are present and vocal on this list. The almost religious approach to "must be milter compatible" is a case in point. Such constraints are largely irrelevant to the major senders and the major receivers I've been dealing with - yet already such constraints seem to pervade the discussion here simply because three or four vocal participants happen to use a milter as a convenient implementation frame-work. Mark. > thanx, > bll > > > -----Original Message----- > From: [EMAIL PROTECTED] on behalf of Michael Thomas > Sent: Fri 3/31/2006 6:32 PM > To: Mark Delany > Cc: [email protected] > Subject: Re: [ietf-dkim] Proposal for specifying syntax and semantics > formultiple signatures > > Mark Delany wrote: > > >On Fri, Mar 31, 2006 at 02:25:49PM -0800, [EMAIL PROTECTED] allegedly wrote: > > > > > > > >>And let's please not forget that even if this got fixed tomorrow the amount > >>of > >>time it takes to significantly deploy new MTA versions is very long - far > >>longer than we can afford to wait. > >> > >> > > > >I'm confused. We expect wide-spread use of this protocol without > >deploying new MTAs? That's quite the feat. > > > > > With milter, you don't have to upgrade your sendmail version. For us, > we'd probably have to go through a lot more contortions to get our > infosec folks to buy into a new sendmail version for our production > environment. Not undoable, but definitely harder. > > My understanding is that other MTA's have similar plugin kinds of > capabilities too. > > Mike > _______________________________________________ > NOTE WELL: This list operates according to > http://mipassoc.org/dkim/ietf-list-rules.html > > > _______________________________________________ > NOTE WELL: This list operates according to > http://mipassoc.org/dkim/ietf-list-rules.html > > _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
