You'd posited that a "sender" gets one shot. So really (as in any
whitelisting system), you have to make a decision as to what "sender"
means. I'm not fond of whitelisting myself, we support it, but we
consider it a patch to deal with a failure in the system. The
inability to nail down "identity" is the primary reason I don't like
it.
I appreciate your point that a system implementing this sort of approach
probably has to track *identifiers*. The cheapness of identifiers (email
addresses, whatever) is a feature (strength / weakness - depends on your
p.o.v.) of the current system.
I'm not sure that this is a fatal objection to all and any permission-based
proposals, in-band or (as MKD suggests) OOB. I've got a bad feeling that it
leads me back down the "Certs required to send mail" track.
Ho hum.
--
Kee Hinckley
http://www.messagefire.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to
regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
--
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg