[ietf-dkim] Collection of use cases for SSP requirements
Dave Crocker
dhc at dcrocker.net
Sun Nov 12 12:03:07 PST 2006
Jim Fenton wrote:
> If you go to the message that Pat Peterson wrote that started this
> thread, that is exactly what some domains would like to do. They
> consider SSP to be helpful to counter phishing [Please, let's not
> re-open that question; it has been discussed to death] even if it is
> ineffective with look-alike domains and such. The requirement for the
> recipient to opt-in to have unsigned messages from their domains removed
> diminishes that perceived benefit greatly.
(I mean to post a thank-you to Pat for his note. That kind of market research
is always helpful.)
Oddly, Pat's research adds an interesting challenge for the wg. End users state
end-state goals.
They are not attempting to specify a path to achieve it. That's our job.
Standards groups often try to specify all of a complex solution, because they
are trying to respond exactly to the (imagined, perceived, or researched)
end-user's description of what they want. It is what usually kills really
interesting efforts, because the task is too complex, in its entirety, to do all
at once.
So, I claim, our challenge is to take the end-user desire and figure out an
initial deliverable that is as small as possible, while still providing real
utility to the end-user, even if that utility is not a complete "solution" to
whatever they have asked for.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
More information about the ietf-dkim
mailing list