[ietf-dkim] list vs contributor signatures, was Wrong Discussion
MH Michael Hammer (5304)
MHammer at ag.com
Wed Jun 2 13:36:53 PDT 2010
> -----Original Message-----
> From: Dave CROCKER [mailto:dhc at dcrocker.net]
> Sent: Wednesday, June 02, 2010 4:06 PM
> To: MH Michael Hammer (5304)
> Cc: ietf-dkim at mipassoc.org
> Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong
> On 6/2/2010 12:58 PM, MH Michael Hammer (5304) wrote:
> >> Since we've been seeing reports of breakage due to using ADSP
> >> domains that are not under sufficient control, it is clear that
> >> fraction of the ADSP-using world does not understand what it is
> >> least what its limitations are.
> > If we apply this to other standards (SMTP, DNS, HTTP, etc) we would
> > have to power down the whole internet. The best that we can do is
> > with something that makes a modicum of sense, fix things we didn't
> > or understand because we needed operational experience and move on.
> > There will always be some fraction of the user/implementer base that
> > understand protocols, standards or RFCs. It kind of goes with the
> Mike, this is the sort of discussion disconnect that prevents making
> I'm copying the list because it's a broad-based problem we are all
> trying to discuss issues.
Simply stating that we are seeing some reports of breakage due to using
ADSP records for domains that are not under sufficient control does not
add much of anything meaningful to the discussion. This issue has been
discussed for YEARS and now that we see it some people are acting
shocked? I'm shocked I tell you. I seem to remember this very discussion
at an excellent dinner following the FTC workshop in 2007. This same
discussion was held years before that when SSP was just a gleam in
everyone's eye. This is something that was predicted and predictable.
At the end of the day, ADSP was a compromise that limited usefulness to
a handful of corner cases implemented under extremely tight control at
the risk of breakage and collateral damage if not carefully implemented.
> First, a question was put forward and I offered an answer. It is
> fair to then respond in a manner that dismisses that answer (or at
> dismisses it in this way.)
> Second, the usual way that services get successful is to look for
> their use and look for ways to correct them. Simply saying that there
> always some problems is not helpful.
We know the answers for ADSP... see above.
> Third, we do not have massive amounts of ADSP success which permits
> marginalizing a tiny amount of problems. We have tiny use, with
I'm still waiting for someone to produce use numbers (of domains) for
ADSP. Just out of curiosity, what number do we have to reach to hit the
technical term "massive"? Somehow I doubt that in it's current
incarnation ADSP will ever have massive implementation.
>From another perspective, in the greater scheme of standards, ADSP is
still very much wet behind the ears. It wasn't until October of 2008
that there was interoperability testing.
> Fourth, it has become increasingly clear to me, at least, that there
> broad-based misunderstanding of what can reasonably be accomplished
> and what can reasonably be accomplished with ADSP, versus what cannot.
I agree with you on that. Something along the lines of pixie dust,
unicorn horns, magic spam prevention, makes you taller and your teeth
> to gain broad-based agreement about both capabilities and limits
> on-going mismatch in expectations.
And thus the rise of 3rd party "trusted intermediaries".........
> If proponents want simply to keep automatically saying that things are
> great and
> keep automatically rejecting any counter-points, then I'm not clear
> purpose of these discussions is.
I'm not a proponent and I'm not saying things are great. I believe I've
stated a few times that I believe that ADSP is crippled and I don't see
myself publishing "discardable".
When the counterpoints are along the lines of "some people" have "some
problems" and the point is made "if we were following the standard then
we wouldn't be seeing your mail anyways", then my response is..... then
why aren't you discarding it? Either you believe in the standard you
helped craft or you don't.
So, is this a discussion about a BCP for MLMs or is this a discussion
about revisiting the ADSP spec? The course of the discussion really
depends on what the consensus is.
More information about the ietf-dkim