ietf-dkim

Re: [ietf-dkim] A more fundamental SSP axiom

2006-08-02 20:11:03


John L wrote:
The third is "<foo> signs all my mail", if it turns out that there
actually exist foo's that are reliable enough to delegate one's signing,
and that it's easier to do that than to sign in the MUA or to provide
signing keys so that foo can put on the sender's signature.

Outsourcing for mail sending is already common, so it seems likely that
delegating signing would be, too.

But my question is why it is better to have a "delegation of my domain" scheme
rather than simply having the outsourced sending do its own signature and then
use its domain name for evaluating its own reputation.  If it is a Good Actor,
then it shouldn't need to rely on the domain name of the content author.  If it
is a Bad Actor, then relying on the domain name of the content author would
merely wind up hurting the content author.


So my suggestion would be to use a format similar to the one we use for
the signatures, put the first two items in the spec, and use a syntax
that permits people to experiment with new items and propose the useful
ones for later standardization.

Something this minimalist does indeed seem like the best approach:  1)
standardize a publication mechanism for an extensible list of practices; and 2)
include a tiny number of extremely interesting practices to publish, to seed the
effort.

d/
-- 

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html