[ietf-dkim] re-chartering to handle 3rd party signatures
dotis at mail-abuse.org
Fri Jan 22 15:59:24 PST 2010
On 1/22/10 9:39 AM, Murray S. Kucherawy wrote:
>> 2. 3rd-party authorization label:
>> If you have not read this draft, please do; we'd like to get a good
>> sense of whether to work on this.
> Nay until presented with evidence that this is an actual pain point.
Yes, of course, being in support of 2. For example, extending the
current RBL approach confronts difficulties when scaling to support
IPv6. The application of 3rd-party labels would assist in a transition
toward positive reputations.
3rd party labels would permit DKIM signatures to better correspond with
providers, rather than the much larger number of their customers'
domains. In this way, the 3rd party label authorization scheme greatly
expands the percentage of author domains assured by valid DKIM
signatures. By allowing DKIM to quickly and economically offer
assurances for the bulk of the email carried, while still allowing
customers an ability to employ any desired provider, DKIM could thereby
establish a basis for acceptance.
A 3rd-party label should help prevent the number of DKIM signatures from
exploding along with the growing number of domains soon to come into
existence, that will likely be leveraged by spammers. DKIM signatures
could instead reflect a much smaller number of providers offering email
services. The stability this would provide should help minimize
difficulties when confronting the massive IPv6 address space and rapidly
expanding number of domains.
>> 3. Other 3rd-party signing issues (New protocol? Info doc?)
> Yea on the informational document, pending evidence that an actual protocol is needed. (I always support more informational documents, in the constant presence of evidence that the industry as a whole doesn't fully understand all the implications of DKIM and its related work.)
> Nay on the protocol until presented with evidence that this is an actual pain point.
While the 3rd party label draft might seem overly complex, it was to
minimize the number of transactions needed to support an authorization
scheme at any scale. There does not appear to be any need to change
DKIM to offer 3rd-party authorizations. It should become clear soon
enough, acceptance based principally upon IP addresses will become
It would be good to offer an experimental method that might be tried as
a way to obtain greater experiences as to practicalities of what might
be made to work within the current DKIM infrastructure, at least cost,
while minimizing the impact on mailing-lists. Mailing lists might even
benefit from a Google-style ranking system that could be evidenced by
the number of domains authorizing their service.