[ietf-dkim] Tracing SSP's paradigm change

Steve Atkins steve at blighty.com
Thu Dec 6 09:49:51 PST 2007


On Dec 6, 2007, at 9:29 AM, Michael Thomas wrote:

> Steve Atkins wrote:
>> On Dec 6, 2007, at 8:57 AM, Michael Thomas wrote:
>>> Dave Crocker wrote:
>>>> Michael Thomas wrote:
>>>>> And as far as I can tell, you alone seem to be carrying this torch
>>>>> here. Changing what we agreed on with rfc5016 should require a very
>>>>> high barrier. I see little if any support, let alone broad consensus
>>>>> that we got it wrong.
>>>
>>>   You still didn't respond: did you read 5016 before it was issued?
>>>   In fact I know that you did because you gave a lot of very detailed
>>>   feedback. And this was not one of the things you commented on at the
>>>   time, so charges of "paradigm change" ring rather hollow.
>>>
>>>> So, you missed the postings by Levine and Atkins?  (Perhaps some others
>>>> were on "my" side of this topic, but these two were at least quite
>>>> explicit.)
>>>
>>>   I didn't read them as supporting your reading. Let them speak for
>>>   themselves. There are a lot of things being discussed, after all.
>> I broadly agree with most of Dave's concerns...
>
> Believe it or not, I agree with some of Dave's too. But that isn't
> the issue at hand. The specific issue is whether *any* DKIM signature
> from *any* domain should be sufficient to qualify for "strict" or "all".
> Do you agree with that or not?


In a well-designed protocol based on DKIM, yes I'd agree that a
validly DKIM signed message should not provoke an SSP query.

But that's not the protocol we have.

I think RFC 5016 shows a lack of understanding of DKIM (or is choosing
not to consider some important features of DKIM), and is
part of the push to try and build a next generation SPF on
an inappropriate base authentication technology.

Cheers,
   Steve

