ietf-dkim

Re: [ietf-dkim] DKIM charter (Should DKIM directly prevent spoofing?)

2005-11-16 14:51:41
On 11/16/2005 16:32, Douglas Otis wrote:
> On Nov 16, 2005, at 12:47 PM, Stephen Farrell wrote:
>>> A claim made in the charter of detecting spoofing depends upon a
>>> comparison of the signing-domain with the email-address domain.
>>
>> There is no such absolute claim that I can see in the draft
>> charter [1].
>
> The charter still offers justification for pursuing constraints on
> the email-address.  That aspect should be removed from the charter
> and deferred to permit broader consensus independent of the DKIM
> effort.  In the meantime, the base DKIM can be developed and deployed.
>
> To offer a comprehensive solution for sites where transactional email
> is being commonly spoofed, a BCP should be created perhaps in
> cooperation with the APWG.  Several criteria could then be applied,
> where one should include DKIM signatures.  The fastest effective
> response to the ongoing problem would be to dedicate a zone and list
> those domains that indicate they are in compliance in the BCP.  We or
> others could offer that service as a means to expedite DKIM
> development. : )

That just sounds like substitution of a single centralized list of domains 
wishing to impose a very restrictive SSP.  I think your solution would fall 
within the charter as written.  

Personally, I don't think it's a better way to solve the problem, but rather 
than engineer the solution into the charter language, why don't we just get 
chartered and then do the work?

Scott K
_______________________________________________
ietf-dkim mailing list
http://dkim.org