On 5/27/10 7:53 AM, Jeff Macdonald wrote:
> So I understand your line of reasoning. But today, I believe ADSP can
> provide a benefit. Brett has data that supports that. It may have a
> limited lifetime. But I don't think this will be the only RFC that has
> a limited lifetime in the transition to an authenticated email
> universe.
>
> Stating the obvious, in an Authenticated world, services that were
> designed in a non-Authenticated world will break authentication. A
> complex authentication protocol might be designed to work with
> services that don't support authentication, but I think that is a
> futile attempt.

Disagree. The number of exceptions needed is few. A single transaction can mitigate issues related to third-party services that don't exchange DKIM keys. Such a scheme offers comprehensive protections without a long wait for something far less practical.

Since DKIM and ADSP directly benefit senders by ensuring their messages are not obscured, it seems only right that senders, rather than recipients, carry the larger burden. For most financial organizations, this burden will be slight.

> It makes sense to me to go to each of these services,
> see if there is a consensus in the value proposition of authenticated
> email, and help modify those services to work in an Authenticated
> world. I'd also advocate not changing the authentication part to make
> it work with a service. That just adds complexity.
>

Authorization is a separate mechanism from DKIM's authentication of a domain. The authentication methods will not change. However, ADSP policies should be able to encompass third-party authorization for services that don't exchange the DKIM private keys needed to produce Author-Domain signatures. Authorization is far simpler than coordinated and complex exchanges of private keys or indirect and moving publications of public keys among two or more administrative entities. Yuck. An authorization can be made unilaterally without complex coordination. An authorization can remain static, even when keys roll over.

To better answer Steve's criticisms on phishing, our company, among others, offers browser plugins for web mail and popular email applications that annotate messages using corporate icons. Users can afford themselves similar protections by sorting email based upon the From email address and the DKIM/ADSP results. It seems reasonable to expect these functions will become easier to employ. They are not that hard now.

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
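Added example, not part of the thread above: a small Python sorter of the kind Doug describes, which buckets a message by comparing the From domain against the DKIM results and the author domain's ADSP record. RFC 5617 ADSP defines only the dkim= tag (unknown/all/discardable); the tpa= tag used here to list authorized third-party signers is a hypothetical illustration of the authorization idea under discussion, not a standardized tag. The FAKE_DNS table and the sample messages are constructed for the example, and the code assumes the Authentication-Results header was written by your own verifier (a header that arrived from outside must not be trusted).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for DNS: ADSP records keyed by _adsp._domainkey.<domain>.
# The tpa= tag is hypothetical (not in RFC 5617); it names third-party
# signing domains the author domain has unilaterally authorized.
FAKE_DNS = {
    "_adsp._domainkey.bank.example": "dkim=all; tpa=newsletter-svc.example",
    "_adsp._domainkey.shop.example": "dkim=unknown",
}


def lookup_adsp(domain):
    """Return the ADSP record for domain as a tag dict, or None if absent."""
    record = FAKE_DNS.get(f"_adsp._domainkey.{domain}")
    if record is None:
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags


def passing_dkim_domains(auth_results):
    """Extract header.d values of dkim=pass results from an
    Authentication-Results header produced by the local verifier."""
    pattern = r"dkim=pass\b[^;]*?header\.d=([A-Za-z0-9.-]+)"
    return [m.group(1).lower() for m in re.finditer(pattern, auth_results or "")]


def classify(raw_message):
    """Bucket a message: author-signed, third-party-authorized,
    policy-violation, or unsigned-no-policy."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    author_domain = addr.rpartition("@")[2].lower()
    signers = set(passing_dkim_domains(msg.get("Authentication-Results")))

    # An Author Domain Signature is the strongest result; no policy needed.
    if author_domain in signers:
        return "author-signed"

    adsp = lookup_adsp(author_domain)
    if adsp is None or adsp.get("dkim", "unknown") == "unknown":
        return "unsigned-no-policy"

    # Hypothetical third-party authorization: the author domain vouches for
    # a signer without ever sharing its private keys.
    authorized = {d for d in adsp.get("tpa", "").split(",") if d}
    if authorized & signers:
        return "third-party-authorized"

    # dkim=all or dkim=discardable published, yet no acceptable signature.
    return "policy-violation"


# Constructed sample messages (not real mail).
SAMPLE_MESSAGES = {
    "author": (
        "Authentication-Results: mx.example; dkim=pass (2048-bit key) header.d=bank.example\n"
        "From: Bank Alerts <alerts@bank.example>\nSubject: Statement ready\n\nbody\n"
    ),
    "third_party": (
        "Authentication-Results: mx.example; dkim=pass header.d=newsletter-svc.example\n"
        "From: Bank Alerts <alerts@bank.example>\nSubject: Newsletter\n\nbody\n"
    ),
    "spoof": (
        "Authentication-Results: mx.example; dkim=fail (bad signature) header.d=bank.example\n"
        "From: Bank Alerts <alerts@bank.example>\nSubject: Urgent: verify your account\n\nbody\n"
    ),
    "no_policy": (
        "Authentication-Results: mx.example; none\n"
        "From: Shop <deals@shop.example>\nSubject: Deals\n\nbody\n"
    ),
}

if __name__ == "__main__":
    for name, raw in SAMPLE_MESSAGES.items():
        print(f"{name:12s} -> {classify(raw)}")
```

The point of the tpa= lookup is the one Doug makes: the bank publishes one DNS record naming the service it uses, the service signs with its own keys, and the record survives key rollover on either side. Anything that fails both checks while the domain publishes dkim=all lands in the policy-violation bucket, which is where a phishing filter or an icon-annotating plugin would act.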
