On Jul 29, 2011, at 6:18 AM, Dave CROCKER wrote: > > On 7/28/2011 12:34 PM, t.petch wrote: >> But more importantly we have abolished the end-to-end principle. If I am going >> to benefit from improved security on e-mail, I want to from the originator to >> me, not some half-way house giving a spurious impression of accuracy. > > > The end-to-end principle is often cited as an argument for any mechanism that is not the end-nodes. I'm waiting for the day it is applied to a demand that every user's computer, tablet and smartphone be directly connected to every other one, so that we no longer suffer IP relaying by routers, since their presence violates the end-to-end principle. > > With respect to DKIM, the problem with your concern is that you appear to misunderstand the function DKIM is performing. Since that's well-documented, I suggest you review how it works and what it means. In case that's too much effort, I suggest you take a look at: > > The Truth About DKIM > <http://bbiw.net/presentations/DKIM%20Truth.pdf> > > specifically slide 4. The left hand side includes a short list of common mis-assumptions about DKIM's meaning, along with the one correct one. See whether you know which is the right one. DKIM is not my favorite protocol. But it's not like there haven't been several efforts to define e2e authentication for email, including PEM, S/MIME, PGPMIME, and several others whose acronyms I'm too lazy to look up at the moment. Implementations of email clients that support e2e authentication are not hard to find, and some people do use them. But they've never been widely used. I don't blame the DKIM proponents for wanting to try a different deployment model, for a different use case. Keith _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf