Murray S. Kucherawy wrote: >> Bill Oxley: >> In my mind the whole adsp degenerated into a use case only for well >> recognized narrowband senders such as banks. Had nothing to do with >> reputation sellers, and judging by a recent exit from the market a >> reputation is only as good as it is maintained.
> That's my recollection as well. I never saw any concerted > or even accidental attempt to block, prevent, quash, > overthrow or otherwise prevent policy work from being done. Its hard to not see the gradual removal of all semantics, insights, words related to policy and the refusal to consider the natural identity "authorized signer" as anything but a concerted efforts to marginalized it and reduce incentive to support it. Otherwise, what is the reasoning for for the genocide of the "authorized signer" concept in DKIM? When there is a desire to have a (reasonable) unrestricted 3rd party signer model to work, then you to need to technically eliminate author domain rights to restrict it. ADSP represented that concerted effort. It was not done in the blind. Is that evil? No, but it needs to be explained. > I believe the original policy work was a victim of the fact > that it's very hard to get such things right in this > operational environment, and there was insufficient > operational evidence to support some of the original > proposals. The same can be said for a trust only model. Where is the operational payoff evidence? It is very hard to make it work with a high dependency and risk for an yet to emerge wide trust market place. It can also be said, like ADSP, trust is a very narrow because it can only work today in isolated scenarios between sites with common trust information. ADSP had a consistent result model for all verifiers. Trust does not. Trust is a long term idealized model where centralization information is required in order to have consistency in results. > Ultimately, we simply couldn't reach consensus > on the rich solutions people wanted. Murray, since day one, since SSP, hell, since MARID, the lack of consensus was how to deal with anonymous unknown 3rd party trust assertions. For DKIM, we couldn't agree of a DNS solution because it had to COVER all scenarios, even for the largest. But the conflict came with ADSP excluding the basic idea for the allowance of a 3rd party signer. So even if we didn't have a feasible solution to to explicitly authorized 3rd party signers, we lost the ability to make DKIM operationally consistent with 3rd parties with a basic author domain policy declaration: "MY MAIL IS ALWAYS SIGN BY ANYONE" I don't think it is fair to use lack of consensus because ADSP threw out the WG consensus built RFC4686 security concerns and we didn't have an opportunity to properly vote to void the WG Consensus Built security concerns. Instead, it was flipped. We were force to prove again why 3rd party policies are necessary. It was a guarantee scenario for failure. Yet when the ADSP broken part solutions was proposed (can DKIM=ALL be used to allow the above policy), the document author had no interest to solve it nor remove it from its status broken mode, no consensus quo. > I also can't see the current language as endorsing any > particular layer on top of DKIM. Indeed, we've published an > RFC that presents a (limited) policy solution, but have > deliberately avoided doing any work on reputation at all. > That seems to counter to what's being alleged here. Section 2.5 and section 2.7 specifically describes a layered model for an independent trust assessment service module using an mandatory SDID authenticated output. Isn't that whats written and desired? A fresh reader of DKIM-BASE would conclude there is only one layer model and not conclude there is an well considered security based policy assessment model possible. Finally, please consider that whoever selects a SDID to sign a message, whether its a 1s party author domain, 3rd party delegated or not, or MLM list operator, there are all still an authorized signer selection concept. A verifier using an SDID for trust assessment comes with an inherent operational presumption for an authorized signer selection and certainly not believed to be an unauthorized signer selection. From a functional standpoint, by making it harder in ADSP to have the simple declaration "always signed by anyone" we make it harder for the 3rd parties to fit well, even trusted ones. And in my view, from an IETF protocol standpoint by intentionally removing all ideas for a natural protocol identity concept in DKIM to exist, well, that doesn't seem IETF Kolser and doesn't play well with the IETF idea to lead the way for flexibility and not get locked into a controversial "batteries required" method. -- HLS _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html