On Tue, Apr 29, 2014 at 3:00 PM, Douglas Otis <doug.mtview@xxxxxxxxx> wrote:
There will be an effort made to better generalize the TPA expired draft. http://tools.ietf.org/html/rfc6541 (ATPS) was hostile to existing mailing-list services and, as such, could not be deployed. Nor was it more suitable for high volume email services. An effort to change From header fields will have users guessing which field indicates who authored the message and in the end will provide no benefit.
ATPS was deployed as part of an open source package since before it was published. It has seen negligible use, and I suspect that's because there has not to date been any demand for third-party signing mechanisms of any kind. In particular, nobody has said anything even a little bit like "I would use ATPS if only it were changed in the following way(s): ...", including (and especilaly) the large messaging providers that use that open source package.
To me, this may lend credence to John Levine's claim that the list signing the message is as good or better than the author signing the message.
In any case, ATPS, TPA, and its variants all run up against a whitelisting scaling problem. I think that's the more interesting thing to discuss.
-MSK