On Thu, Jan 29, 2009 at 5:46 AM, Jim Fenton <fenton(_at_)cisco(_dot_)com> wrote:
Note that I say this is a hint to reputation systems: Nobody can
prevent a reputation from using, or trying to use domain only, and one
can't require that the reputation system will actually pay attention to
a stable identifier, regardless of how it is expressed (in or with the
signature). Reputation systems that do a good job will succeed, and
those that do a poor job will fail. Note also that the stable
identifier would be effectively an additional output of DKIM verification.
Thank you. That's even more reason for this errata doc to express the
view that i= / UAID is metadata that's useful at the sender end (both
during transmission as well as during the analysis of feedback loops,
or other self analysis) and only MAY be considered or checked by
receivers if there's a shared understanding of what it constitutes.
I would even go as far as to say that it need not necessarily be a
stable identifier of the individual author. And attempts to find a
stable identifier might need to look elsewhere (ok, not the from .. a
brand new x-header perhaps?)
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html