On 12/5/09 12:30 PM, Hector Santos wrote:
> Alessandro Vesely wrote:
>
> Well, for me, it is very hard to continue "discussing DKIM" when it fundamentally has a known engineering implementation conflict (unauthorized remailer signatures not supporting ADSP) which not many are interested in fixing. If that is part of what you mean as "stranded" then I'm one of them. :)
>
> Specifically the DKIM deployment guide has one section discussing policy which addresses unauthorized signing threats and another section regarding remailers that effectively ignores the threats that policy attempts to address. Can't have it both ways.
>
> I specifically ask to fix the semantics. DKIM supportive Remailers MUST NOT ignore 1st party policy. It is fundamentally inconsistent to have a protocol designed to protect mail integrity and unauthorized signings, yet have an exemption for remailers.
>
> See http://mipassoc.org/pipermail/ietf-dkim/2009q4/012648.html

I have responded to John Levine on the ASRG regarding an alternative to reputation methods that could be applied in a somewhat automated fashion that could be easily based upon DKIM signatures, either for the senders or for the feedback.
There is also a scalable and economical authorization solution that could be used with little pain, since this would help the sender better ensure delivery of their message, without messing up who should receive the feedback.
See: http://tools.ietf.org/html/draft-otis-dkim-tpa-label-03

-Doug
