Please accept my apology as I do not mean to be disrespectful. I find
it impossible to separate all design considerations that are involved
in this decision you are requesting us to consider regarding a nearly
7-8 year DKIM + POLICY investment.

DKIM originated with POLICY support built-in and it was a critical
part of its marketing and selling point. It evolved from its
predecessor DomainKeys with built-in policy support. DKIM+POLICY was
its technological advancement and attraction. It made sense and it
was an elegant, common-sense design. It is why we supported DKIM. It was
then split as DKIM and SSP. SSP was relaxed and changed to ADSP.

Now you are asking us to just drop ADSP or in short, drop the basic
idea of Domain Policy Layer support that sits on top of DKIM.

I don't think there was any question that the proof of concept is
there. The implementers are there. The APIs have support. The
publishers are there. Its value is high, so high Dave Crocker once
stated "It's scary!" (check archives). A strong deterministic protocol
that allowed private domains to expose strong email policies and for
receivers to honor and follow, immediately protecting domains from
electronic mail spoofs. A thing of beauty!

But the MAILING LIST SOFTWARE (MLS) needed to support it.

If this vote is a suggestion that MLS will not support ADSP, I am
asking will it support DMARC because we will be repeating the same 7-8
years integrated software design issue.

I will support a discussion of the entire AUTHOR DOMAIN POLICY
protection layer for DKIM and finally determine if it will work or
not, and if so, maybe some way that even the MLS developers will
support -- the main barrier to this DKIM + POLICY problem.

If DMARC and MLS developers are expected to coexist without
complaints, then the impact of deprecating ADSP will be less severe
and the investment, time, energy and knowledge already learned will
not be lost.

Why can't we just wait until at least DMARC is settled answering some
of the same DKIM signature practice security questions sure to
arise? If it's supported (which seems so far to be getting a higher
mindset), then why can't ADSP be deprecated at that point, with DMARC
making ADSP obsolete?

--
HLS

On 10/3/2013 4:37 PM, Barry Leiba wrote:

To both Doug and Hector, and others who want to drift in this direction:

As I've said before, the question of moving ADSP to Historic is one
we're taking on its own, and is not connected to anything we do or
don't do with DMARC. Bringing DMARC into the discussion is a
distraction, and, worse, makes it look like there's a tie-in. There
is not.

So, please, let's not discuss DMARC as part of the "ADSP to Historic"
conversation. The issue is purely one of whether ADSP can be shown to
have enough value to maintain it as a Proposed Standard, whether we're
not getting enough value from it, and whether there's harm resulting
from our recommending its use and seeing it poorly used.

Please, everyone: discussions of DMARC in relation to this topic are
out of scope.

Barry, Applications AD