Re: Review of: draft-otis-dkim-harmful

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6/4/2013 1:08 PM, Douglas Otis wrote:
Dear Dave,

On Jun 4, 2013, at 11:44 AM, Dave Crocker <dhc@xxxxxxxxxxxx> wrote:
I happen to be sitting in a M3AAWG meeting as I write this note
and it happens that I just came out of a session in which someone
tried to assert the use of DKIM (or SPF) as a 'requirement' and the
group was very clear that no such 'requirement' exists or is a
goal.
...
"Hope to use", rather than advocates.  We stand by the assertion,
but we can further modify this statement.

You can invent any sort of claim you want.  What you can't do is
substantiate it, because it has no objective basis.

I made a point of citing minutes-old group discussion that I had
first-person knowledge of and that was explicitly contrary to your claim.


However DKIM does not specify the role of the signing agent and
doesn't care.  Consequently the concern apparently being raised
here seems to be fundamentally confused about what DKIM is doing.

The combination of an assertion a message fragment is
"authenticated" and conflation of that assertion is happening today.
More on this in a bit.  The authors are in no way confused.

People mis-use specifications all the time.

The issue here is what the spec says and does, not how people some stray
folk somewhere choose to mis-use it.

DKIM makes no 'assertion a message fragment is "authenticated"'.

Period.


Simply publishing this draft appears to have already increase
the level of multiple FROM header field abuse seen where it is
now at 21% of signed DKIM messages.

Sounds pretty scary.  No doubt the assertion is publicly
verifiable, including the basis for asserting that it is causing
problem?

Sure.  Simply observe the increasing signed DKIM messages that have
multiple From:'s.

The challenge I placed was on documenting the claim.  The point is to
permit community assessment of the claim.



DKIM does not, in its current form, attach a validated domain name
to a message.  By adding one line "MUST NOT validate a message with
multiple From:'s", DKIM will attach a validated domain name to a
message.

One of the hallmarks of serious participation in IETF processes is
respect for the outcome of a legitimate discussion that happen to go
against one's preference.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]