I certainly agree that DKIM appears to have lower barriers to deployment than some of its predecessors (e.g. S/MIME), and I also think that there's more of a perceived need for something like DKIM than there was for its predecessors...if S/MIME were being promoted as a new thing today, it might be more successful.
I'm not sure that DKIM lowers the barriers enough to enable the "network effect", but I think it's a step in the right direction if it can lower the deployment barriers AND be made to provide the right functionality. (I don't think it does the latter yet)

but I think goal #4 is unrealistic or misstated. DKIM should be relatively non-hostile to legacy MUAs and MTAs (as compared to multipart/security based solutions) but MUAs and also some MTAs will need to be upgraded to significantly benefit from DKIM.

Keith

> I think that there's one other important aspect that's hard
> for me to state concisely. Utility is often bound up in the network
> effect, and though PGP and SMIME solve for many of the threats
> -- equally or superior -- they have not achieved any sort of
> network effect. I believe that DKIM by design is specifically
> trying to address the network effect and make it a goal. We
> have made some specific design decisions that are ultimately
> traced back to that goal:
>
> 1) use of DNS, and our lowering the bar on cryptographic trust anchors
> 2) lowering the expectation of what is actually asserted (ie, domain
>    based rather than individual based)
> 3) absolutely no attempt to deal with encryption
> 4) the ability to ride "stealthfully" within the existing
>    infrastructure without need to upgrade either MTA's or MUA's
> 5) ease of deployment at choke points (MTA's), and into existing
>    naming infrastructure (DNS)

_______________________________________________
ietf-dkim mailing list
http://dkim.org
