[ietf-dkim] ADSP result set

Frank Ellermann nobody at xyzzy.claranet.de
Wed May 28 21:30:39 PDT 2008


Douglas Otis wrote:

>> I don't care much about the name, "open", "unknown", "neutral",
>> "maybe", whatever.
 
> When describing the "practice" state, using the term "unknown" is  
> utterly wrong.  Even asserting a practice has meaning well beyond  
> "unknown".  The term OPEN does not attempt to conflate the default  
> state with that of an asserted state.

Okay, strike "unknown" if you don't like it.  Admittedly I didn't
get that your "open", "closed", and "locked" proposal was based on
the simple picture of an open, closed, or locked *door*.  

> The CLOSED assertion represents an intent to limit users to
> signing outbound MTAs.  When used for typical email conversations,
> this intent does _not_ ensure receivers that "all" Author Domain
> emails will arrive with valid signatures.

And why would receivers be interested in different shades of grey?
They need an actionable result, ideally rejecting unsigned mails.
As others noted, spending cycles on ADSP has to be worthwhile for
receivers.  

> By asserting CLOSED, the Author Domain indicates a desire that
> invalid signatures be carefully weighed and perhaps accepted.

Sounds like SOFTFAIL, "please do the right thing, whatever it is,
but don't delete my good mails, and reject bad mails".  

> The LOCKED state is very different from that of CLOSED.  The  
> LOCKED assertion might be intended to thwart acceptance from
> unused domains whenever a message lacks a valid signature.

Fine, then let's say "locked" is the real thing, and "closed" is
too unclear to be useful.  We should stick to the known SOFTFAIL
and (hard) FAIL terms instead of inventing new terms, and copy
the known SOFTFAIL caveats (= use it for testing, not forever).

You can't lock a door by putting a note on it saying "locked" :-)

 Frank


