On Jan 1, 2006, at 8:35 AM, John C Klensin wrote:
--On Sunday, 01 January, 2006 04:35 +0000 John Levine
<johnl@xxxxxxxx> wrote:
I hope the message here is not that we should restrict ourselves
to developing technology that is idiot-proof, since a sufficiently
determined idiot, of which there are many, will do idiotic things
with any technology that we never in a million years would have
anticipated.
No. I don't believe in idiot-proof technologies. I do believe
that it is not desirable to create standards that would give a gift
of either technology or justification to those who would use them
to fragment the network. I believe it is especially important to
avoid those gifts when the people or groups involved are quite
sophisticated about using technologies to maximize their short-
term economic gain at the cost of global communications and
interoperability.
The risks related to interoperability will more likely result from
assuming authorization authenticates the source. This authorization
strategy may benefit larger domains, but will be corrosive to goals
of interoperability and integrity. To avoid the misapplication of
this mechanism, there are suitable alternatives to authorization for
the DKIM effort. DKIM offers a significant value without
authorization to establish expectations. Not endorsing authorization
schemes also discourages possible burden-shifting of the short-
comings of DKIM. Hopefully, not allowing this tactic will lead to a
better, safer, and far more fair solutions.
-Doug
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf