[ietf-dkim] Review of DKIM Sender Signing
chl at clerew.man.ac.uk
Thu Dec 6 04:12:46 PST 2007
On Wed, 05 Dec 2007 14:18:09 -0000, Scott Kitterman
<ietf-dkim at kitterman.com> wrote:
> On Wednesday 05 December 2007 08:53, John Levine wrote:
>> >How would doing this work change what verifiers do after the RFC is
>> > deployed?
>> Probably not much, but it will help rein in unwarranted expectations
>> by senders that publishing SSP will affect what happens to their mail.
Exactly. Verifier implementors who do not read the document carefully
enough (Shock! Horror! they wouldn't do that would they!) will see all
those "Verifiers MUST" statements and deduce that they are obliged to
follow them exactly. Which will discourage them from trying innovative and
imaginative techniques which might, in the long term, lead to improved
filtering of 'suspicious' (or even 'not so suspicious') messages.

And let me remind you that this thread started exactly because Dave
Crocker (who maybe should know better) misread those "MUST"s in exactly
that way. If even the people on this list can mis-read the draft, then
that is a clear indication that its wording needs to be reviewed even
though it does, when read carefully, say the right thing.
> It sounds like a lot of work to say the same thing to me. I don't think
> increasing the quantity and type of ways that the draft says it doesn't
> mandate what receivers will do is a value added use of anyone's time.
Extra work that results in implementors making fewer mistakes is NEVER a
waste of time.

FYI, here is the wording that I suggested again. It isn't necessarily a
pure addition, since it might enable some other less obvious statements of
the situation to be taken out:
> "This document describes processes for what verifiers are expected to do
> in order to achieve what the signers intend.
> But these descriptions are not Normative since there is no compulsion on
> verifiers to follow those processes exactly as described, or even at all.
> Therefore, use of the terms "MUST" and "SHOULD" in these descriptions
> merely indicates the steps verifiers need to take if they want to claim
> adherence to the particular set of processes described here."
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5