[ietf-dkim] 1365 yes/no

Steve Atkins steve at blighty.com
Thu Mar 1 08:41:01 PST 2007


On Mar 1, 2007, at 12:29 AM, Hector Santos wrote:

> Hallam-Baker, Phillip wrote:
>>> Subject: Re: [ietf-dkim] 1365 yes/no
>>>
>>>
>>> On Feb 28, 2007, at 2:23 PM, Stephen Farrell wrote:
>>>
>>>> issue #1365 calls for eliminating requirement
>>>> 6.3.2 which says:
>>>>
>>>> "   [PROVISIONAL] The Protocol MUST be able to publish a Practice
>>>>         which is indicative that domain doesn't send mail."
>>>>
>>>> If you want to eliminate that requirement say: +1
>>>> If you want to keep that requirement say: -1
>> +1 it's out of charter scope
>
> I've heard you say this a few times, and I've been begging to ask
> because I'm scratching my head over how it's out of scope?
>
> This POLICY and among others have been part of the design  
> discussions/debates process since the beginning with the original  
> SSP specs, the current SSP specs including my own DSAP and most  
> importantly, it being already MODELED in published DKIM/SSP open  
> source software.

It's been out of scope since day one. The argument for keeping it has  
been "Yeah, it's out of scope, but what the hell, we're throwing  
stuff that's far less useful into the pile of stuff. At least this  
one piece has some conceivable real world use, let's keep it."

> Not wanting it is one thing, but saying it's out of scope, I would
> disagree with that for one simple reason: Bad guys will most likely
> randomly use domains with facsimiles of 3rd party signatures.  If a
> domain doesn't send mail, not only will this policy indirectly  
> protect the domain but also directly reduce the abuse on the receiver.

> In my view it is an extremely powerful policy with a very high payoff.

(No, I don't have a +1 or a -1 on this, as I really don't care by  
this point).

Cheers,
   Steve


