Re: How to protect DKIM signatures: Moving ADSP to Historic, supporting DMARC instead

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Please accept my apology as I do not mean to be disrespectful. I find it impossible to separate all design considerations that are involved in this decision you are requesting us to consider regarding a near 7-8 years DKIM + POLICY investment.

DKIM originated with POLICY support built-in and it was a critical part of its marketing and selling point. It evolved from its predecessor Domainkeys with built-in policy support. DKIM+POLICY was its technological advancement and attraction. It made sense and it was elegant common sense design. It is why we supported DKIM. It was then split as DKIM and SSP. SSP was relaxed and changed to ADSP.

Now you are asking us to just drop ADSP or in short, drop the basic idea of Domain Policy Layer support that sits on top of DKIM.

I don't think there was any question that the proof of concept is there. The implementators are there. The APIs have support. The publishers are there. Its value is high, so high Dave Crocker once stated "Its scary!" (check archives). A strong deterministic protocol that allowed private domains to expose strong email policies and for receivers to honor and follow, immediately protecting domains from electronic mail spoofs. A thing of beauty!

But the MAILING LIST SOFTWARE (MLS) needed to support it.

If this vote is a suggestion that MLS will not support ADSP, I am asking will it support DMARC because we will be repeating the same 7-8 years integrated software design issue.

I will support a discussion of the entire AUTHOR DOMAIN POLICY protection layer for DKIM and finally determine if it will work or not, and if so, maybe some way that even the MLS developers will support -- the main barrier to this DKIM + POLICY problem.

If DMARC and MLS developers are expected to coexist without complaints, then the impact of deprecating ADSP will be less severe and the investment, time, energy and knowledge already learned will not be lost.

Why can't we just wait until at least DMARC is settled answering some of the same DKIM signature practice security questions surely to arise? If its supported (which seems to far to be getting a higher mindset), then why can't ADSP be deprecated at that point, with DMARC making ADSP obsolete?

--
HLS

On 10/3/2013 4:37 PM, Barry Leiba wrote:
To both Doug and Hector, and others who want to drift in this direction:

As I've said before, the question of moving ADSP to Historic is one
we're taking on its own, and is not connected to anything we do or
don't do with DMARC.  Bringing DMARC into the discussion is a
distraction, and, worse, makes it look like there's a tie-in.  There
is not.

So, please, let's not discuss DMARC as part of the "ADSP to Historic"
conversation.  The issue is purely one of whether ADSP can be shown to
have enough value to maintain it as a Proposed Standard, whether we're
not getting enough value from it, and whether there's harm resulting
from our recommending its use and seeing it poorly used.

Please, everyone: discussions of DMARC in relation to this topic are
out of scope.

Barry, Applications AD



--
HLS






[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]