---- Original Message ----- From: "Dave CROCKER" <dhc2@xxxxxxxxxxxx> To: <ietf@xxxxxxxx> Sent: Friday, July 29, 2011 12:18 PM > > On 7/28/2011 12:34 PM, t.petch wrote: > > But more importantly we have abolished the end-to-end principle. If I am going > > to benefit from improved security on e-mail, I want to from the originator to > > me, not some half-way house giving a spurious impression of accuracy. > > The end-to-end principle is often cited as an argument for any mechanism that is > not the end-nodes. I'm waiting for the day it is applied to a demand that every > user's computer, tablet and smartphone be directly connected to every other one, > so that we no longer suffer IP relaying by routers, since their presence > violates the end-to-end principle. > > With respect to DKIM, the problem with your concern is that you appear to > misunderstand the function DKIM is performing. Since that's well-documented, I > suggest you review how it works and what it means. In case that's too much > effort, I suggest you take a look at: > > The Truth About DKIM > <http://bbiw.net/presentations/DKIM%20Truth.pdf> > > specifically slide 4. The left hand side includes a short list of common > mis-assumptions about DKIM's meaning, along with the one correct one. See > whether you know which is the right one. Yes, I know enough about DKIM to identify the right one. I think that it is an error for the IETF to add DKIM signatures. They do indeed tell me which intermediary has sent me the mail, but does nothing for the 'spam' that the intermediary accepted in the first place (albeit there being little of that on the IETF managed lists). And has already been pointed out, the mailing list damages any DKIM signature that is already there. I find it interesting that John Levine lists 'DKIM doesn't work with mailing lists' as one of this three myths. I think that that depends on the interpretation of the word 'work'. I would say that DKIM in this context, of a mailing list, gives a spurious impression of increased security that we would be better off without. It functions, but does not work, in that it tells me nothing about the true origin of the communication. Tom Petch > > d/ > > -- > > Dave Crocker > Brandenburg InternetWorking > bbiw.net > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www.ietf.org/mailman/listinfo/ietf _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf