ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Review of draft-fenton-dkim-threats-01

2005-11-01 12:22:37
On 11/01/2005 13:59, Arvel Hathcock wrote:
Since the people I know involved with DKIM expect it
to be plenty useful without third party reputation services,
I'm not sure what your point is.

Well, they may expect it to be, but I haven't heard any arguments
along those lines that I find convincing.

Really??  If I see a message which is DKIM signed by iecc.com and iecc.com
is on my "DKIM white-list" this is pretty useful info right?  I can
probably get away with relaxing or even skipping heuristic spam filtering
on that email with a fair degree of comfort.  How is the utility of that in
any way unclear?

If one were making the argument that reputation is essential to DKIM, one 
might describe your whitelist as a simple reputation system.  Since there is 
so little agreement on what a 'reputation system' is or how to effectively 
instantiate one based on a reliable identity, I think putting the entire 
reputation question outside the scope of the proposed WG was a really good 
idea.

Of course, SSP might allow one to make policy based decisions independent of 
reputation.  I find it a bit odd to see what appears to be people saying that 
we need to get rid of SSP because DKIM needs a reputation system and then 
accounting the so called need for a reputation system as a weakness of DKIM.

Absent SSP (or something like it), then in the broad sense of the word, DKIM 
does need some kind of reputation system to be effective.  I think it's 
important to get SSP right (we can do that after there is a working group).

Scott Kitterman
_______________________________________________
ietf-dkim mailing list
http://dkim.org