But first we need to do *anything at all* that is useful.
....
As of today, there is no standardized transit-time message authentication
technique. If we can produce a standard that permits validating ANY
identity
with a signed message, we will have created a stable base for all sorts
of enhancements.
Perhaps, but a stable base for future enhancements that will actually have
some utility is not, I would think, something useful.
You seem to have missed the "but first" paragraph.
Unless the output of this putative group would at least enable a receiver to
reject a 'bad' message or have more confidence in a 'good' message there is
no incentive for either senders or receivers to deploy.
for some definitions of good messages and bad message.
It would seem to me that there is a necessary tie between the identity being
signed, some e-mail identity that end uses actually see, and some type of
sender policy declaration that would allow receivers to have some idea how
to interpret the presence, absence, and validity of signatures.
Quite a bit of useful filtering is done today that does not require the
end-user
to participate directly and does not involve knowing the sender's "policies"
and
does not require using the rfc2822.from field.
d/
---
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net
_______________________________________________
ietf-dkim mailing list
<http://dkim.org>