ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Review of draft-fenton-dkim-threats-01

2005-10-29 14:14:43
Eliot Lear <lear(_at_)cisco(_dot_)com> writes:

Eric,

I'm not sure if that argument requires a plan to build a reputation
system. However, if the argument is going to be such that a reputation
system is required, then, considering that that's probably the
hard bit, I would tend to think that such a plan would be useful, no?

Useful?  Yes.  Is it something the IETF should do?  I doubt it.  It
strikes me that is the province of vendors at this point. After all,
what would the IETF standardize right now?  A mother-may-I protocol?
How would it differ from a DBL? 

All good questions, but to the extent to which DKIM's usefulness
depends on the answers, I think they need to be addressed first.


Is this something SOMEBODY should do?
Absolutely.  And we know it will be done because it is being done
already.

By whom?


But let me also say that even without reputation the system is still
useful in stopping phishing attacks.  So much so that you recently saw
a note from folks at ebay explaining why this would be useful to them
even if a reputation system was never developed.

I understand that people believe this to be the case. However, given
that phishing basically depends on either domain name confusion or
domain name hijacking, I don't consider that there have been 
particularly strong arguments made for why it would in fact
help (this goes back to my comments on the draft).

-Ekr


_______________________________________________
ietf-dkim mailing list
http://dkim.org

<Prev in Thread] Current Thread [Next in Thread>