On Sat, 24 Oct 2009 18:13:41 -0400 Barry Leiba <barryleiba.mailing.li...@gmail.com> wrote: >As I see it, the reasons to go to DS would be > >Y1. to progress a fairly stable standard along a defined track, and >Y2. to review it and perhaps clean it up a little along the way, and >Y3. to get broader deployment as a result of higher maturity. > >As to Y3, there's evidence, as Murray has pointed out and as many of >the rest of us are aware, that most deployment comes from publication >as PS, and from other sorts of publicity... and DS probably doesn't >create the swell of deployment that we might like. Still, as long as >the IETF considers the three-stage standards track to have value, I >think there's some value in working within it. > >The reasons not to go to DS would be > >N1. to avoid wasting our time on nominal advancement that has little >or no real value, or >N2. to avoid wasting any more time working on something that's not >very useful, or >N3. in recognition that it's not stable, and that, while it certainly >meets stated criteria for DS now, we think we're likely to change it >significantly after more experience with it. > >My opinion is that N1 is arguable, but that N2 and N3 are not the >case, and that we shouldn't resist advancing DKIM base to DS for >reasons N2 and N3. My opinion is also that, while N1 might be true, >the fact the IETF considers it worthwhile overrides that. > >And note that I'm only advocating advancement for DKIM base at this >point; I think we DO need more experience with ADSP before we have any >clue whether it's stable (or useful).
I think it's a reasonable set of criteria. Where I disagree is that we have a sufficient basis to declare it stable. It has not been very long at all since we rushed a new RFC out to clarify things. What's the basis for confidence that that was it? It is my expectation that if there are any significant warts left in the basic protocol it will become apparent in large scale deployments where DKIM signature data is being used as an input to other processes (like ADSP or private reputation services). I don't see a lot of evidence that such deployments are at all common yet. If other participants have significant experience with these, I'd appreciate hearing about it. Scott K _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
