> -----Original Message----- > From: Dave CROCKER [mailto:d...@dcrocker.net] > Sent: Wednesday, June 02, 2010 4:06 PM > To: MH Michael Hammer (5304) > Cc: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong > Discussion > > > > On 6/2/2010 12:58 PM, MH Michael Hammer (5304) wrote: > >> Since we've been seeing reports of breakage due to using ADSP records > for > >> domains that are not under sufficient control, it is clear that some > >> fraction of the ADSP-using world does not understand what it is for, or > at > >> least what its limitations are. > > > > If we apply this to other standards (SMTP, DNS, HTTP, etc) we would just > > have to power down the whole internet. The best that we can do is come > up > > with something that makes a modicum of sense, fix things we didn't > anticipate > > or understand because we needed operational experience and move on. > > > > There will always be some fraction of the user/implementer base that > won't > > understand protocols, standards or RFCs. It kind of goes with the > territory. > > > Mike, this is the sort of discussion disconnect that prevents making > progress. > I'm copying the list because it's a broad-based problem we are all having > in > trying to discuss issues. >
Simply stating that we are seeing some reports of breakage due to using ADSP records for domains that are not under sufficient control does not add much of anything meaningful to the discussion. This issue has been discussed for YEARS and now that we see it some people are acting shocked? I'm shocked I tell you. I seem to remember this very discussion at an excellent dinner following the FTC workshop in 2007. This same discussion was held years before that when SSP was just a gleam in everyone's eye. This is something that was predicted and predictable. At the end of the day, ADSP was a compromise that limited usefulness to a handful of corner cases implemented under extremely tight control at the risk of breakage and collateral damage if not carefully implemented. > First, a question was put forward and I offered an answer. It is simply > not > fair to then respond in a manner that dismisses that answer (or at least > dismisses it in this way.) > > Second, the usual way that services get successful is to look for problems > in > their use and look for ways to correct them. Simply saying that there are > always some problems is not helpful. > We know the answers for ADSP... see above. > Third, we do not have massive amounts of ADSP success which permits > marginalizing a tiny amount of problems. We have tiny use, with notable > breakage. > I'm still waiting for someone to produce use numbers (of domains) for ADSP. Just out of curiosity, what number do we have to reach to hit the technical term "massive"? Somehow I doubt that in it's current incarnation ADSP will ever have massive implementation. >From another perspective, in the greater scheme of standards, ADSP is still very much wet behind the ears. It wasn't until October of 2008 that there was interoperability testing. > Fourth, it has become increasingly clear to me, at least, that there is > broad-based misunderstanding of what can reasonably be accomplished with > DKIM > and what can reasonably be accomplished with ADSP, versus what cannot. I agree with you on that. Something along the lines of pixie dust, unicorn horns, magic spam prevention, makes you taller and your teeth whiter... > Failure > to gain broad-based agreement about both capabilities and limits ensures > an > on-going mismatch in expectations. > And thus the rise of 3rd party "trusted intermediaries"......... > If proponents want simply to keep automatically saying that things are > great and > keep automatically rejecting any counter-points, then I'm not clear what > the > purpose of these discussions is. > I'm not a proponent and I'm not saying things are great. I believe I've stated a few times that I believe that ADSP is crippled and I don't see myself publishing "discardable". When the counterpoints are along the lines of "some people" have "some problems" and the point is made "if we were following the standard then we wouldn't be seeing your mail anyways", then my response is..... then why aren't you discarding it? Either you believe in the standard you helped craft or you don't. So, is this a discussion about a BCP for MLMs or is this a discussion about revisiting the ADSP spec? The course of the discussion really depends on what the consensus is. Mike _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html