On 1/22/10 9:39 AM, Murray S. Kucherawy wrote:
>> 2. 3rd-party authorization label:
>> https://datatracker.ietf.org/doc/draft-otis-dkim-tpa-label/
>> If you have not read this draft, please do; we'd like to get a good
>> sense of whether to work on this.
>>
> Nay until presented with evidence that this is an actual pain point.
>

Yes, of course, being in support of 2. For example, extending the current RBL approach confronts difficulties when scaling to support IPv6. The application of 3rd-party labels would assist in a transition toward positive reputations.

3rd party labels would permit DKIM signatures to better correspond with providers, rather than the much larger number of their customers' domains. In this way, the 3rd party label authorization scheme greatly expands the percentage of author domains assured by valid DKIM signatures. By allowing DKIM to quickly and economically offer assurances for the bulk of the email carried, while still allowing customers an ability to employ any desired provider, DKIM could thereby establish a basis for acceptance.

A 3rd-party label should help prevent the number of DKIM signatures from exploding along with the growing number of domains soon to come into existence, that will likely be leveraged by spammers. DKIM signatures could instead reflect a much smaller number of providers offering email services. The stability this would provide should help minimize difficulties when confronting the massive IPv6 address space and rapidly expanding number of domains.

>> 3. Other 3rd-party signing issues (New protocol? Info doc?)
>>
> Yea on the informational document, pending evidence that an actual protocol
> is needed. (I always support more informational documents, in the constant
> presence of evidence that the industry as a whole doesn't fully understand
> all the implications of DKIM and its related work.)
>
> Nay on the protocol until presented with evidence that this is an actual pain
> point.
>

While the 3rd party label draft might seem overly complex, it was to minimize the number of transactions needed to support an authorization scheme at any scale. There does not appear to be any need to change DKIM to offer 3rd-party authorizations. It should become clear soon enough that acceptance based principally upon IP addresses will become increasingly problematic.

It would be good to offer an experimental method that might be tried as a way to obtain greater experiences as to practicalities of what might be made to work within the current DKIM infrastructure, at least cost, while minimizing the impact on mailing-lists. Mailing lists might even benefit from a Google style ranking system that could be evidenced by the number of domains authorizing their service.

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
