On Jan 4, 2006, at 9:59 AM, Dave Crocker wrote:
> > As I understand it the concern is that people who don't use DKIM
> > will eventually not be able to send e-mail to people who are using
> > it. I'm not sure that this is something that people should be
> > concerned about, indeed, the logic of this kind of system is that
> > if it succeeds that's exactly what will happen.
>
> Interesting.
> I have not heard any DKIM proponent use that logic.
> I have, however, heard critics fail to understand the difference
> between
>    a) special handling of "good" identities, versus continuing to
>       have suspicious handling of "unknown" identities, and
>    b) acceptance of good addresses and rejection of unknown.

The current proposed charter includes both the DKIM signature element
that indeed provides a stable identifier. No additional problem
should be created as a result of this more stable identifier of which
I can foresee.
There is also a proposal to introduce an email-address authorization
scheme that transposes the Sender-ID email-addresses with signatures
and uses a far more disruptive From header rather than the less
disruptive PRA. Will there be a PRA proposal for the SSP header
selection soon?
The concern with this authorization scheme is that many email-address
domains will likely be coerced into publishing some form of
authorization to mitigate the high overhead otherwise imposed by the
scheme. The next possible point of coercion would be to restrict
authorization to a limited set of signatures which dramatically
alters current practices and is inherently unfair. In general, when
this authorization is used to accrue reputation as was done with
Sender-ID, this imposes an unfair and highly disruptive element into
how email functions.

> Proponents seek to use DKIM for a), not b).

This mischaracterizes the concern raised significantly.

> Critics keep asserting that b) is the only avenue that is possible.

Reputation based upon some identifier is already ubiquitously used to
block abusive email. A stronger method of identification does not
increase any concern related to 'b' except when applied to the SSP
authorization instead of the signature. Even the SSP draft holds the
email-address domain that provided the authorization accountable by
way of complaints. The authorization scheme introduces a weaker and
unfair method of identification.

> So, they are wrong that it is the intent and they have no empirical
> basis for asserting that it is certain or even likely to occur.

There has already been a scheme implemented by a major vendor that uses
authorization as suggested. A minor tweak to a widely deployed system
and instant problem.
-Doug