On 5/13/2011 12:15 AM, SM wrote:
Although one can extrapolate from experience and provide some
guidance, I would not call it "Best Current Practices". I suggest a
change to that sentence:
Based on deployment experience with DKIM, this document provides
guidance for the use of DKIM with scenarios that include Mailing
List Managers (MLMs).
an entirely reasonable wording change, IMO.
Quoting the Introduction Section:
"The goal for this document is to explore the use of DKIM for
scenarios that include intermediaries, and recommend Best
Current Practices based on acquired experience."
The Intended Status of this document is BCP. I cannot support a
recommendation for "Best Current Practices" that is not based on
existing practices.
Then you are using criteria that go beyond the requirements of a BCP.
From RFC 2026:
"5. BEST CURRENT PRACTICE (BCP) RFCs
The BCP subseries of the RFC series is designed to be a way to
standardize practices and the results of community deliberations.
...
The BCP subseries creates a smoothly
structured way for these management entities to insert proposals into
the consensus-building machinery of the IETF while gauging the
community's view of that issue."
Nothing in the definition of BCPs require that it be limited to covering
existing practice.
If the IETF wants a stick to tell the outside
world what to do, it can publish this document as a BCP.
Perhaps the wording is a bit more coarse than one would like, but at base,
"telling the community what to do" is what standards-track and BCP documents do,
whether based on existing practice or not.
In Section 5.8:
"DKIM-aware authoring MLMs MUST sign the mail they send according to
the regular signing guidelines given in [DKIM].
One concern is that having an MLM apply its signature to unsigned
mail might cause some verifiers or receivers to interpret the
signature as conferring more authority or authenticity to the message
content than is defined by [DKIM]. This is an issue beyond MLMs and
primarily entails receive-side processing outside of the scope of
[DKIM]. It is nevertheless worth noting here."
Removing the MUST and saying:
DKIM-aware authoring MLMs signs the messages they send according to
the regular signing guidelines given in [DKIM]
gives more weight to the last two paragraphs, especially with the
note about the concern.
Not really. The latter paragraph merely notes that there are receivers that do
not understand what a DKIM signature means.
The normative statement, however, either is supposed to direct MLM behavior or
it isn't. The existing language says it is, which makes sense.
In Section 5.10:
"An FBL operator might wish to act on a complaint from a user about a
message sent to a list."
Shouldn't that be FBI? :-)
You country has one of those, too?
On 5/21/2011 2:59 PM, John R. Levine wrote:
This document does not describe existing signing practice. It makes a variety of
highly speculative recommendations unsupported by experience. It is an experiment.
Again, we seem to have an attempt to impose a more stringent requirement on
qualifying for BCP status than exists in IETF formal documentation.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf