> >Can we also conclude that SSL/TLS has failed as a tool for general
> >communication?
>
> If we were holding it to the same requirements that some appear to be
> asking for DKIM, I think we'd have to.

Right.

> There is a certain amount of SMTP over TLS, an entirely automated
> application, and the net hasn't collapsed.
> People have figured out reasonable ways to deal with TLS errors,
> ranging from dropping the connection if it's supposed to be part of a
> private mail network to logging and ignoring the errors if it's
> regular mail. If they set up their regular mail servers to drop
> connections on TLS failures, they'd lose a lot of mail. So they
> don't.
>
> I don't see any reason to assume that mail admins will be any worse at
> dealing with DKIM errors than they are with TLS errors.

I don't see why DKIM is inherently different either. If ISPs were looking for an excuse to not accept mail from unknown sources, they could use SMTP over TLS and a customized set of trust anchors to achieve that aim, without requiring any new protocols. They didn't.

> So as I said several messages ago:
>
> >I really need clarification of why DKIM RFCs need to tell people about the
> >dangers of balkanization, even though HTTPS, S/MIME, and DNSSEC don't.

Don't hold your breath.

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf