On Oct 6, 2005, at 1:40 PM, Dave Crocker wrote:
With DKIM you still can not prevent an obnoxious sender who is
using a domain that also permits various mail-addresses, unless
you want to block all of yahoo.com for example.

The only thing DKIM "prevents" is detecting invalid uses of a
domain name for a signature.

DKIM, as described, does not prevent or detect invalid uses. Not in
the case of a replay, for example. The domain may consider abusive
replay to be an invalid use when such use impacts future abilities.

Since DKIM does not "do" reputation, talking about the limitations
of using DKIM for reputation strikes me entirely out of scope.

The concern was _not_ about whether DKIM "does" reputation, but
whether DKIM "supports the use of" reputation. This concern is
distinctly different and does not deal with any details related to a
specific implementation of reputation. Strange how only repudiation
is supported, but then only reputation is mentioned in the threat
analysis.

You have again suggested DKIM only supports repudiation. Why is
repudiation essential? Your example seemed to fall apart. Would it
be okay to review an elevator pitch for repudiation?

-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org