Wednesday 17 November 2004


This morning was manic. Moderated two panels: one on spam one on phishing. Back-to-back meetings for the rest of the day. I love it. Am I mad?

Monday 15 November 2004

Larry Seltzer: DomainKeys is good

Gosh. Two posts linking to Larry in one day? People will talk...

Larry's article is a well-argued case for Yahoo! DomainKeys. In summary:

  • Yahoo! is playing nice about suggested changes
  • It's also playing nice about IP licensing
  • The crypto burden isn't as onerous as it's cracked up to be
I agree with him that the CPU burden shouldn't be an issue. Anyone who's worked with well-designed large-scale email for long enough realises that the bottlenecks are to with disk I/O, not CPU horsepower. Unfortunately, most Exchange boxen quake at the thought of additional CPU load...

However, there are other burdens of crypto approaches, which are more to do with key generation, key management, and cache coherency. None of this is rocket science, but it could impose significant "friction" to impede adoption.

As I also said in that eSeminar, there's room for more than one authentication scheme. Indeed Meng Wong argues that, as things stand, we need both SPF/SenderID and DomainKeys, in order to cover all the corner cases.

But there are other reasons to love SPF more than DomainKeys. I mean, what's not to love about a developer who confesses that he "remains very shy with girls" and looks like this? ;-)

Larry Seltzer: Firefox fixed

Larry's being having Firefox problems, fixed by uninstalling and reinstalling.

I love Firefox and Thunderbird, but the Mozilla folks have been saying "you must uninstall before installing a new version" for too long now. Even as recently as 0.9.3 (the last version before 1.0PR), the release notes recommended this. What that says to me is that the installer might not get enough test exposure.

Having said all that, I still think it's reasonable to ask testers to uninstall/reinstall before reporting problems. BUT if the uninstall fixes the problem, it should still get reported, as it can highlight an underlying bug.