Dave CROCKER wrote:
It does seem odd to complain about a mechanism that (finally) provides a certifiably valid identifier on messages, in an environment where 90% of the traffic across the Internet exploits the fact that there hasn't been one...
How it is certified? I haven't seen any DKIM message that comes with a certified identifier. Is there consistency in the certification across all DKIM verifiers? What do you when it isn't certified which is 99% of the DKIM signed mail coming in? And how does one leverage or mitigate this 90% asserted exploitation with DKIM? Should we begin to reject mail that do not have valid signatures?
Without a domain policy based security wrapper, DKIM remains an unsecured protocol and currently it is just wasted processing bandwidth with a huge cost in implementation and management, or just plain old getting it right, and even then, most people in our market don't understand what utility it offers them. At present, they believe the "new badge" will help them look better, but there is no real evidence that it does anything for them.
-- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf