[ietf-dkim] SSP = FAILURE DETECTION
hsantos at santronics.com
Fri Sep 8 11:11:40 PDT 2006
----- Original Message -----
From: "John Levine" <johnl at iecc.com>
Sent: Friday, September 08, 2006 12:48 PM
Subject: Re: [ietf-dkim] The basic problem with SSP
>>2. I don't care about the breakage and I'd prefer you
>> reject unsigned mail.
> Not to put too fine a point on it, but the fundamental question here
> is why should the recipient care what the sender claims he prefers?
> Anytime you send e-mail to someone, you're basically asking them to do
> you a large favor by investing the effort to accept and deliver it.
> Senders don't get to set rules about what recipients can do.
If thats the case, than explain why should receivers should bother
processing DKIM signature mail?
Whats the purpose?
Why should it handle GOOD signatures differently than BAD signatures? and
vice versa? Where is the payoff?
Are we just looking for the "GOOD needle in the Haystack?" What about the
rest of the non-complain DKIM junk?
Why should EVERYONE be required do required non-standard reputations
batteries to work with DKIM-BASE? Whose batteries should we use? Yours?
As it is now, 99.99% of the systems out there ignore DOMAINKEYS messages.
What is it about DKIM that will change this and make a wide adoption begin
to process DKIM? Again, where and what is the payoff?
If it isn't about SPAM, then what it is for?
By world wide industry measurements, 80% of the transactions are
Is DKIM going to reduce this, increase this?
And even if BIGBANK.COM or ANYBRAND.COM finds that DKIM+DAC works for its
exclusive social network, how will BIGBANK.COM protect itself against
domains that don't subscribe to DKIM+DAC?
You are 100%. You can't dictate how receivers are going to behave but you
talking a big game about how systems should work with MUCH LESS using only
just DKIM-BASE plus some other non-standard idea what as invented by TWO
people, not put thru any IETF process.
I have absolutely NO reason whatsoever to support DKIM-BASE to PROCESS the
GOOD. But I have good reason to process the non-COMPLIANT and that includes
DKIM-BASE if I see that it will be become exploited which based on our
product history in the mail market for a WIDE range of customers from SMB to
LARGE, I see DKIM-BASE only with open-ended 3rd party APPLIANCE signings
opening a lot of can of worms.
SSP to me is about Failure and Non-Compliance of the DKIM-BASE signature
process - an AUTHORIZATION concept. Mail that passes the test is still
untrusted and can be further processed using traditional AVS tools.
But if you can eliminate a population of new world order of NON-LEGACY
transactions based on non-compliance, than that is what I will be
implementing into our software.
SSP is about mail filtering by DKIM Policy Osmosis.
Hector Santos, CTO
Santronics Software, Inc.
Wildcat! Interactive Net Server
More information about the ietf-dkim