----- Original Message -----
From: "Wietse Venema" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, September 08, 2006 2:52 PM
Subject: Re: [ietf-dkim] SSP = FAILURE DETECTION

> > If that's the case, then explain why receivers should bother
> > processing DKIM signature mail?
>
> The purpose of a valid DKIM signature is to identify the party that
> signed the message. Whether this is a first-party or third-party
> signature is largely irrelevant. It's about accountability.

If you are going to selectively answer only one of 20 questions, then it doesn't help the process. Again, WHERE is the PAYOFF if PROCESS DKIM and Just Looking for the "GOOD needle in the haystack?"

>> SSP to me is about Failure and Non-Compliance of the DKIM-BASE signature
>> process - an AUTHORIZATION concept. Mail that passes the test is still
>> untrusted and can be further processed using traditional AVS tools.
>
> It is a mistake to believe that you have any control over what
> recipients do with their email.

And you are wrong to PUT words into my mouth. I never said Receivers can be controlled. However, the market environment is to ELIMINATE the bad transactions and the market direction is being in this direction.

> It is the persistence in this
> mistaken belief that distracts from the potential that DKIM has.

Sorry, you are incorrect. You are trying to force feed a meaning of what DKIM is supposed to do and I keep repeating I DON'T CARE what it's supposed to do as long as you do it right and the signature protocol is consistent without introducing MORE harm and higher overhead in the process of supporting it.

If you need an analogy, think HELO/EHLO client domain or literals and MAIL FROM return paths. The problem we have today is 100% based on the relaxation of not enforcing these states. We can't do much about these two entities because of the 20+ years of legacy operations, but there is no doubt, the smarter, better AVS ready SMTP systems in the market do something about these old issues. They are not completely ignored anymore.

Now with DKIM, we are NO longer talking about legacy operations at the PAYLOAD level. There is a new expectation for new headers, new DNS records, etc. That is a recipe for high detection of failure based on non-compliancy and unauthorized signatures.

So sorry, you are wrong and I really wish you would stop telling people they are "Mistaken" so you can get a "+1" from your compadres, because I could go on to say the same thing about how mistaken you are too.

The point is and always has been I really don't care what you think DKIM is supposed to mean. It's a Digital Message Signature method and it is about Protocol Consistency. Just blindly signing and broadcasting this junk to receivers without a payoff of eliminating the bad is not going to be tolerated in the wider market and quite frankly, I have a hard time believing a high value domain is going to blindly sign mail with a "cross your fingers, hope it makes" concept while at the SAME time assuming "responsibility" for it. That doesn't make sense.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
