[ietf-dkim] draft-ietf-dkim-ssp-02.txt

Hector Santos hsantos at santronics.com
Fri Feb 1 16:11:44 PST 2008 

Douglas Otis wrote:
> 
> On Feb 1, 2008, at 3:18 PM, Hector Santos wrote:
> 
>> Douglas Otis wrote:
>>> This draft goes to the opposite extreme of the ASP draft and 
>>> increases the restrictions for "all" compliance as well. This draft 
>>> indicates _ALL_ messages are to include a signature with an i= 
>>> parameter matches that of an identity within the From header.  This 
>>> is not the defined use for RFC 4871.
>>> The ASP approach creates fewer corner cases.  At least with the ASP 
>>> draft, any risk of misuse remains within the control of a domain to 
>>> rectify.
>>> IMHO, unless the SSP draft is changed to comply with RFC 4871, the WG 
>>> should consider adopting the ASP draft instead.
>>
>> First, I don't agree that SSP did not comply with RFC 4871.
> 
> No. RFC 4871 does not comply with SSP.
> 
>> Second, I for one am tired of this stuff going on in this WG.
>>
>> For all intent and purposes this ASP Adaptation is essentially the 
>> same document, the same copy of SSP with essentially the term 
>> Originator changed to Author.
> 
> I strongly disagree.  Please review the differences.
> 
> Per ASP:
> 
> 2.8.  Author Signature
> 
>  An "Author Signature" is any Valid Signature where the *signing domain*
>  (listed in the "i=" tag if present, otherwise its default value,
>  consisting of the value of the "d=" tag) matches the domain of an
>  Author Address.
> 
> Per SSP:
> 
> 2.8.  Author Signature
> 
>  An "Author Signature" is any Valid Signature where the *identity* of
>  the user or agent on behalf of which the message is signed (listed in
>  the "i=" tag or its default value from the "d=" tag) matches an
>  Author Address in the message.
> 
> IMHO, ASP is a far better definition and does not impose changes with 
> respect to how RFC 4871 might be used.

So just a rephrasing of a sentence makes this a different a new and 
competing and better PROTOCOL?  You got to be kidding me.  No wonder we 
are not going to get anything done around here - at least not something 
that can only be cherished by a limited group.

It is basically all the same text just reworded. ASP is not different 
enough to view it as a alternative protocol - it is still SSP with 
SEMANTICS changes.

And for the matter, SSP-02 is ASP and ASP is SSP-02.  The question is 
who gets credit for the now flawed and watered down draft.


-- 
Sincerely

Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

More information about the ietf-dkim mailing list