Alessandro Vesely wrote: > On 01.05.2011 10:38, Hector Santos wrote: >> Again, its about protocol consistency. So maybe I should ask the >> chairs for: >> >> "Consensus needs to be reevaluated" > > IMHO, it needs not: It is premature to define an ODID now. ADSP is > considered somewhat broken, and for this message, for example, it seems that > the relevant id should be "mipassoc.org" rather than "tana.it". ODID would > risk to be a candidate for removal like AUID.
IMV, ADSP is only broken in that it didn't allow you to declare you were allowing mipassoc.org to sign for you or in general "My Mail Is Always Signed - by me or someone else." The only point here is that you did declare an ADSP record (DKIM=UKNOWN) and to get that record, the verifier needs an ODID to be an identity to satisfy the DKIM Service Architecture as described in RFC5585. All the arguable semantics of its value is not the point in the same way regarding the value of SDID. Side Note: Relaxed ADSP policies is a high overhead redundant waste on receivers because the results are indeterminate. This is the same reason why SPF relaxed policies are wasteful too and more domains are changing to a HARD FAIL (-ALL). > From an engineering POV, policy developments are closely related to the > verification software, as a matter of facts, so that cleaning up the > definition of the interface between them doesn't seem to be urgent. Well, sure, current implementations are already supporting AUID and ODID and RFC4871bis doesn't reflect that. Just look at the A-R header recorded by mipassoc.org for your submission signature (that was stripped): Authentication-Results: sbh17.songbird.com; dkim=pass (1024-bit key) header.i=@tana.it It reported AUID, not the SDID. What makes it all harder is DKIM Mail Integration. We are using the A-R to help with adding DKIM related attribute information to import mail into our backend mail storage. We know what to do because of the 5-6 years of being involved with DKIM. But if a new engineer is looking at RFC4871bis, they are not going to gain from all the current implementations experiences. They will need to read RFC5585 (DKIM Service Architecture) and maybe even RFC5863 (Deployment) and probably at some point ask themselves or their boss ask them about security issues and get that from RFC4686 and what will they see? Something about POLICY called ADSP and then ask, ok, what output from RFC4871bis is needed to support this thing called ADSP. They will find "hmmm, there is nothing about it in RFC4871bis. Ok, its the domain in RFC5322.From." All I am saying, lets add that semantic into RFC4871bis and make life easier for the next guy. I guess he will eventually find out at some point and maybe that is what you mean that it isn't urgent. Ok, sure. But we have been so anal with so many other little things, word changes, worried about him not using l= tag or whatever, that we missed out on bigger things he will probably need. Anyway, my opinion. -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html