Re: [dmarc-ietf] third party authorization, not, was non-mailing list

Dave Crocker <dhc@dcrocker.net> Sun, 16 August 2020 15:47 UTC

To: Dotzero <dotzero@gmail.com>, Alessandro Vesely <vesely@tana.it>
Cc: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/UXOQQ5IgnbPhCNtQAa4f4oksJk0>

On 8/14/2020 7:12 AM, Dotzero wrote:
> At that time there were also folks pushing for PGP, GPG, 
> Personal Certificate and S/MIME as paths forward.

There was, by then, a long history of these failing to scale.


> Even with that, it took a while for industry efforts to gain some 
> sense of clarity. Notice that the general path forward was basically 
> domain based and not individual user/client based.

SPF and DomainKey were informal, spontaneous, private efforts. They 
established their viability long before reaching a standards venue.  So 
there was no 'policy' 'decision' to make this approach.


> There was a debate within the DKIM effort regarding i= vs d= to the 
> extent that at one industry event people were walking around with 
> little stickers on their badges to indicate which they supported. I 
> believe that was courtesy of Dave Crocker.

This was a follow-on issue after DKIM was initially published. We 
realized that the spec said that DKIM's goal was to provide an 
identifier, but then it didn't specify which one to use, the one in the 
i= parameter or the one in the d=.  (Note that neither of these was 
required to correlate with any other identifier in the message.)

The IETF working group debate about this was intense and was not 
converging on a choice. One of the early arrivals to the meeting walked 
through the hotel's entrance, saw me, and said "d= or i=?" and I 
realized we could have some fun both promoting the issue at this 
industry trade event, and possibly get some constructive discussion.  
The meeting staff were helpful in providing sticky dots to use.


d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net