On May 25, 2010, at 1:46 PM, John R. Levine wrote:

>> Step three: fix the status quo for *participating* MLM's by offering up a
>> new technical solution that enables MLM's to assert that they've validated
>> the original sender's signature.
>
> Not to pick on Paypal specifically, since this is a general failure of ADSP,
> but:

<snip>

Colorful, but those were not my/our words or sentiment. Once again, our
use case is:

> On Apr 26, 2010, at 1:19 PM, McDowell, Brett wrote:
>>
>> From my perspective, I'd like to enable (not mandate or expect universal
>> compliance with) the deployment scenario where the sender's DKIM signature
>> is either maintained without adulteration or "proxied" by the list so the
>> transient trust can be carried through the mailing list intermediary to the
>> destination (per Murray's note which I'm also going to respond to). That's
>> my use case. By sharing this use case I'm not trying to deprecate or
>> undermine John Levine's original use case. But there is a diversity of
>> valid/appropriate behavior by mailing lists vis-a-vis DKIM that we need to
>> consider (which is why I'm so pleased to see Mike H. take our discussion in
>> this direction).
>>
>> -- Brett

There are mailbox providers who want to leverage email authentication
technologies to protect their users from phishing. I'm not making that up.
What we have done with Google and Yahoo! is well known, but who here
actually believes those are the only two deployments in the world today
(or in-process)? I don't think it's in the best interest of the Internet
to leave these use cases with no alternative but to pursue closed,
proprietary mechanisms.

It is my opinion that the standards community (if not IETF, then who?)
could view these use cases as an opportunity to evolve the standards in a
way that will gain more adoption and utility. The only thing we would be
doing is evolving the existing standards to enable -- not compel or
coerce -- consumer protection use cases.

Everything I've articulated since joining the mail list has been rooted in
the concept of choice. This authenticated messaging ecosystem is optional,
not mandatory. Any effort to make it mandatory is doomed. So why not
provide the option? Why not spec out a means for MLM's to participate in a
DKIM/ADSP=discardable flow in a way that supports consumer protection use
cases?

-- Brett

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
