[ietf-dkim] DKIM+ADSP = FAIL, and it's our fault
hsantos at isdg.net
Tue Sep 14 17:12:12 PDT 2010
Hector Santos, CTO
Steve Atkins wrote:
> On Sep 14, 2010, at 12:35 PM, J.D. Falk wrote:
>> Yes, I know it requires more effort, but what we've been doing so far
>> clearly isn't working.
> The problem is that the two things have badly conflicting requirements. DKIM is based on a domain-based identifier that's independent of the From: domain, and that's where much of it's value comes from. ADSP is based on a domain-based identifier that must remain identical to the From: field at all times, and that's where it's sole value comes from. ADSP intrinsically conflicts with the original design case for DKIM, despite being piggy-backed on to it.
> So any document that puts forth even basic good practices for DKIM usage for monitoring sender reputation (use d= to differentiate mail streams) is going to be anathema to ADSP requirements (d= must be the same as the From: domain).
> And any ADSP-driven set of requirements (mailing lists should not only re-sign any mail they re-send, they should alter the From: address to match) is going to be considered nonsensical by people who consider DKIM a way to tie an identity cookie to a message.
> And, as we've seen, any compromise document is hated by pretty much everyone, even assuming you can get there.
> NOTE WELL: This list operates according to
More information about the ietf-dkim