Re: [ietf-dkim] draft-fenton-dkim-threats-00
2005-10-06 19:09:47
DKIM
validates the use of an identity. A validated
identity has a number of uses, including as the referential basis for
developing a reputation information service. However identity
validation is merely input to the creation of such a service, rather
than having any reputation-related semantics of its own.
That is fairly close to the second paragraph of section 1, although
your version doesn't discuss locally maintained whitelists (arguably
not a reputation information service) nor accreditation services, both
of which also benefit from DKIM. My version doesn't re-emphasize that
it is input to such a service, as your last sentence does.
It does not talk about ANY of the different forms that assessment can
take. The current draft uses whitelist, reputation and accreditation
is highly constrained ways. None of the words is used in a fashion
that represents their full range.
I happen to think that is fine, because the sentence they are in is
used merely to provide some exemplars.
The problem is that we keep seeing readers of the document fall into
the same trap that this thread is about.
I think the second sentence is fine. Clear, simple, direct, relevant
and even correct. Yet people keep trying to raise the spectre of the
various assessment concerns.
I don't know what to suggest to either prevent it or redirect it. But
I class this as an issue of "bullet-proofing" the document rather than
"fixing" it.
In
any event, I was commenting on the cited statement, which the
threats document does focus on.
My point is that this obnoxious Dave Crocker that you do not want to
receive mail from qualifies as a Bad Actor, but no spoofing is
involved.
True, but I have been saying that this is a class of Bad Actor that
DKIM does not address. I am beginning to see that it should say
something about supporting other mechanisms against these bad actors,
even though it doesn't itself solve the non-spoofing obnoxious sender
(NSOS?) problem.
Again, I was responding to a specific point of discussion, here. The
discussion here, as with most discussions like it, has its sole focus
as being spoofing. That's what people keep citing as the concern.
Yet is should not be the only one.
But I'll stop now, because the point has certainly been discussed
enough, either to establish it or to establish that it won't get
established...
d/
|
_______________________________________________
ietf-dkim mailing list
http://dkim.org
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [ietf-dkim] draft-fenton-dkim-threats-00, (continued)
- Re: [ietf-dkim] draft-fenton-dkim-threats-00, Jim Fenton
- Re: [ietf-dkim] draft-fenton-dkim-threats-00, Dave Crocker
- Re: [ietf-dkim] draft-fenton-dkim-threats-00, Jim Fenton
- Re: [ietf-dkim] draft-fenton-dkim-threats-00,
Dave Crocker <=
- Re: [ietf-dkim] draft-fenton-dkim-threats-00, Earl Hood
- Re: [ietf-dkim] draft-fenton-dkim-threats-00, Arvel Hathcock
- Re: [ietf-dkim] draft-fenton-dkim-threats-00, Earl Hood
- Re: [ietf-dkim] draft-fenton-dkim-threats-00, Hector Santos
- Re: [ietf-dkim] draft-fenton-dkim-threats-00, Michael Thomas
- Re: [ietf-dkim] draft-fenton-dkim-threats-00, Earl Hood
- Re: [ietf-dkim] draft-fenton-dkim-threats-00, Earl Hood
RE: [ietf-dkim] draft-fenton-dkim-threats-00, Hallam-Baker, Phillip
RE: [ietf-dkim] draft-fenton-dkim-threats-00, Hallam-Baker, Phillip
Re: [ietf-dkim] draft-fenton-dkim-threats-00, Earl Hood
|
|
|