Re: [ietf-dkim] A more fundamental SSP axiom

wayne <wayne@schlitt.net> Fri, 04 August 2006 20:56 UTC

From: wayne <wayne@schlitt.net>
To: IETF DKIM WG <ietf-dkim@mipassoc.org>
Date: Fri, 04 Aug 2006 15:54:37 -0500
In-Reply-To: <44D36203.2060803@mtcc.com> (Michael Thomas's message of "Fri, 04 Aug 2006 08:04:35 -0700")

In <44D36203.2060803@mtcc.com> Michael Thomas <mike@mtcc.com> writes:

> Part of the problem here is the past record of SPF with over-zealous
> 550 if there's any hint of bogosity. We, for example, would be
> forced to take down a "we sign everything" policy if that were to
> happen with DKIM -- even though we'll be signing everything pretty
> soon.

Based on the past record with SPF, is there any reason to believe that
people won't treat "I sign some email" as the same as "I sign all
email" and reject email that does not have a valid first party
signature?  There are certainly lots of people who treat publishing
SPF records that end in NEUTRAL more harshly than not publishing SPF
records at all and this has caused at least one major ISP to remove
their SPF records.

(Yes, this is assuming DKIM reaches the same level of deployment that
SPF had back in early 2003.  There isn't much danger right now.)


>       If there were a qualifier in the "I sign everything policy"
> that specifically implies that sending a 550 based on a missing DKIM
> signature alone is extremely bone-headed" then maybe we can both.

This is somewhat along the lines of SPF's SOFTFAIL.  You will find
some people who reject based solely on seeing a SOFTFAIL and you will
find others claiming that SOFTFAIL is functionally equivalent to
NEUTRAL.


> The current SSP has o=! t=y which could in a tortured way be
> construed to have that semantic: "I sign everything, but hey I'm
> testing so take it for what it's worth". If we have something more
> formalized, then maybe we can accommodate these two pretty different
> scenarios.

Expect people to ignore the t=y flag also.


Really, anyone who thinks that signing email with DKIM (or DK or IIM)
will not directly cause some of your valid, non-spam, email to be
rejected is fooling themselves.  Receivers are free to do whatever
they want with their servers, including extremely bone-headed things.


Personally, I think there is some value in distinguishing between "I
sign everything and never send to mailing lists and other known
mungers", "I sign everything, but also send to known mungers", and "I
know I don't sign everything".


-wayne