On Tue, Oct 28, 2014 at 9:43 PM, Stephen J. Turnbull <step...@xemacs.org> wrote:
> Hector Santos writes: > > > You (speaking in general) either support a policy concept or you > > don't. Thats been the dilemma all these years. > Stephen's summary of the state of things matches my understanding pretty much exactly. The "dilemma" has nothing to do with not supporting policy. It has everything to do with the fact that the policy mechanisms we've come up with so far don't work; they are too complicated, they're easily beaten, they don't scale to large ESP size, they only apply to some kinds of mail, they don't provide enough bang for the buck, or some combination of those. It's untrue that we never gave them a chance. ADSP and ATPS, for example, became RFCs and got released as part of commercial and open source products because we thought they might be worth trying out. For ATPS, there was absolutely no interest; for ADSP, people tried it and didn't like what they saw. If there were other things that were tried that actually stood a chance of working, I've yet to hear about them. As far as I'm concerned, the "policy concept" that will succeed is something that meets most or all of those requirements. But I would rather release email authentication protocols without a third-party capability, or even without a policy capability at all, than saddle it with some kind of broken extension that's got some or all of these flaws. That's what we did with DKIM, and in retrospect, it was certainly the right thing to do. Moreover, it'll take some pretty strong arguments, or actual data would be even better, to form consensus around such a thing. Hopefully we've now said enough on this thread about policy and third-party stuff, especially since it has nothing at all to do with reaching our first milestone. -MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
