This is mostly a test with my junk yahoo.com testing account to see what happens here.
Stephen, you are right, but we have been on this for over 9 years. With all due respect to Crocker and Levine, who fought hard against DKIM Security Policy based solutions starting with SSP, then ADSP which Levine authored as a poison pill many
believe, he never supported his own work. The industry was quite aware of what was coming and it took DMARC, an external development, which Eric Allman predicted would happen when SSP was demoted by ADSP, to highlight the very high interest in the technology and tremendous need for an self-signing, low cost, email authentication protocol. DKIM was it and without a policy that Crocker and Levine tried to remove, the payoff was low and signatures were worthless. So we have to give some credit to Yahoo for pushing the issue, finally. Some will continue to fight it and some will continue to work with it. I choose to work with it now as I did with ADSP.
--
HLS via Yahoo
On Wednesday, April 16, 2014 6:13 AM, Stephen Farrell <stephen.farrell@xxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/16/2014 03:23 AM, Michael Richardson wrote:
>
> So, as a WG chair, a person known to me just tried to post to the
> list From a brand new yahoo.com mail account. They aren't
> subscribed with that address. I would normally just approve, and
> add them...
>
> It seems to me that I must now actually reject, because it would
> affect other subscribers.
>
> I'm now thinking that we need to remove all the @yahoo.com
> addresses from posting to ietf mailing lists.
>
This is probably obvious, but had gmail.com done what yahoo.com
has done, that could I guess have a pretty significant impact on
the IETF getting stuff done for a while since a lot of folks in
the last few years seem to have migrated their IETF mail to
gmail.com as a reasonable way to get around corporate this-and-that
issues.
Maybe people who've done that might want to consider whether its
such a good plan for so many IETF participants to be dependent on
just one service now that we have a demonstration that s/none/reject/
in one TXT RR can have such an impact.
S.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQEcBAEBAgAGBQJTTle3AAoJEC88hzaAX42i7jQIALBIZ3Z+jp1RbGCiJp4IVztN
qWa0aEUcx2Skp4gtM/vQnEEsCjYFAnRaoMofJqyUBuvTs3H0q/GMkcONcOPJW6wH
R/HpKKr24UpYsfpdYKx99b7D27kVNgzML3e0bD3csR1MNC/yR7wvsnTHTwbv2mxk
eb7O5Wp6kvKw/gRYjPHncMPSgBUyc+KixY6IDHzDk4IdCQP4CyVkhI4EV7dlu8nM
T1RNhljdzCmJBLd0y1USS1UmKrPVhoFgBXShvnxabseqJN/m2bz5WVSuJgIwWRov
duU5vRgbdQ5jTn9TBzEPdJ5LRbQczlHyLVdnjvOHApQ8HtNrQxKOe89C0b32+7A=
=cS/m
-----END PGP SIGNATURE-----
Hash: SHA1
On 04/16/2014 03:23 AM, Michael Richardson wrote:
>
> So, as a WG chair, a person known to me just tried to post to the
> list From a brand new yahoo.com mail account. They aren't
> subscribed with that address. I would normally just approve, and
> add them...
>
> It seems to me that I must now actually reject, because it would
> affect other subscribers.
>
> I'm now thinking that we need to remove all the @yahoo.com
> addresses from posting to ietf mailing lists.
>
This is probably obvious, but had gmail.com done what yahoo.com
has done, that could I guess have a pretty significant impact on
the IETF getting stuff done for a while since a lot of folks in
the last few years seem to have migrated their IETF mail to
gmail.com as a reasonable way to get around corporate this-and-that
issues.
Maybe people who've done that might want to consider whether its
such a good plan for so many IETF participants to be dependent on
just one service now that we have a demonstration that s/none/reject/
in one TXT RR can have such an impact.
S.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQEcBAEBAgAGBQJTTle3AAoJEC88hzaAX42i7jQIALBIZ3Z+jp1RbGCiJp4IVztN
qWa0aEUcx2Skp4gtM/vQnEEsCjYFAnRaoMofJqyUBuvTs3H0q/GMkcONcOPJW6wH
R/HpKKr24UpYsfpdYKx99b7D27kVNgzML3e0bD3csR1MNC/yR7wvsnTHTwbv2mxk
eb7O5Wp6kvKw/gRYjPHncMPSgBUyc+KixY6IDHzDk4IdCQP4CyVkhI4EV7dlu8nM
T1RNhljdzCmJBLd0y1USS1UmKrPVhoFgBXShvnxabseqJN/m2bz5WVSuJgIwWRov
duU5vRgbdQ5jTn9TBzEPdJ5LRbQczlHyLVdnjvOHApQ8HtNrQxKOe89C0b32+7A=
=cS/m
-----END PGP SIGNATURE-----