I concur with Tony's model that a signature only means "I will accept
the blame for this message".
I don't think that flies, or at least, I think that makes DKIM of fairly
marginal value. A message itself is rarely blameworthy; what matters is
the context.
Right. The context is who signed it. Other than you, I see no interest
at all in Lumos-style schemes to express complex semantics of signatures.
So if DKIM is going to be at all useful, it has to distinguish between
an author signing the content and a (re)sender signing "yes, I (re)sent
the message to this set of recipients".
You keep saying this, but it doesn't follow from your other arguments, and
it's just plain not true. A signature that lets me tie a message to a
domain is plenty useful with no other semantics attached.
I'm planning to look up the signing domain in whatever passes for a
reputation system, and if it says good, I'll accept it, if it says
bad, I'll reject it, and if it says nothing, I'll send the message
through the filtering gauntlet I use now.
And what problem does this solve? Why does the fact that mail has
passed through your MTA confer some sort of legitimacy on it, no matter
what the content or the context?
Because domains are run by people, some of whom do a much better job of
managing their mail than others. To pick a concrete example, if mail is
signed by aol.com, I'll accept it because AOL does a really good job of
keeping their mail stream under control. But if it's signed by
hotmail.com or msn.com, I'll aim it into the spam filter with all the
knobs turned up to maximum because they're infested with 419ers, all using
valid addresses hosted by Hotmail.
R's,
John
_______________________________________________
ietf-dkim mailing list
http://dkim.org