[ietf-dkim] Output summary - Keep your Eye on the Prize!
hsantos at isdg.net
Sat May 7 07:07:59 PDT 2011
Alessandro Vesely wrote:
> On 06/May/11 21:09, John R. Levine wrote:
>>> this, but I need to get a clear view of consensus. Doug agrees with
>>> Hector's note, below, and Dave and Murray do not. I'd like to hear
>>> from others within the next few days, about whether you think we
>>> should make the change Hector requests or not.
>> Dave and Murray are right, Hector is not.
> +1, since we don't know precisely what output is actually used.
Therefore, since we don't know, we discourage usage, exploration. On
the other hand, we encourage a single output for a MUST Trust Assessor
Identity where by far, the majority of the receivers don't have. I
will venture using pareto, over 80% and most likely more 95-99%.
I suggest we do know how what output is being used or would be used if
enabled or is a technical requirement:
1) Empirical Fact!
We know SDID is showing a very low payoff and very useless utility
with a majority of DKIM mail coming from unknown signers and spammers
2) Current Implementations API Fact!
We know ODID is used for ADSP lookups, optionally or not.
3) Technical Fact!
We don't know if AUID is part of anything outside of it being adding
as another signing bit, but it is WRITTEN in the technical
specification as a MAY for Output.
I believe I am more RIGHT here than David and Murray and you.
Hector Santos, CTO
More information about the ietf-dkim