Hector Santos wrote:
----- Original Message -----
From: "Jim Fenton" <fenton(_at_)cisco(_dot_)com>
I think the way we all expect to use DKIM is that a message
comes in, we check the signature, then we look up the signing
domain in some sort of reputation system, be it a local
whitelist or something fancier, then if the reputation is
good we accept the mail, if it's bad we reject it, and if
there's no reputation, we fall back and do what we would
have done otherwise.
Agreed.
Jim,
You are kidding? Right? Do you really agreed with this? This is
contrary of your SSP proposal. The above is not the chartered proposal.
I hope we don't get lost into some undefined reputation concept.
IMO, DKIM will not widely adopted with a "Batteries Required" concept.
It will be nice to keep the protocol sweet and pure.
Stephen answered this well, but I'll also assure you that I haven't
recently gone crazy. DKIM, especially with SSP, delivers significant
value on its own, but it's also reasonable to point out the additional
benefits when it is coupled with reputation, accreditation,
[white|black]lists, or whatever.
I suggest we try to keep away introducing a reputation system into the
algorithm. It can always be added separately and independently. But as
a protocol, I don't think it will be widely accepted for a few simple
reasons - What Reputation System? Whose Reputation System? What is the
"Fancy System?" Will it become a 3rd party central repository? Will
there be a buy-in fee? Republican vs. Democrats?, etc. It is going to
very hard to justify further support when we now have to begin promoting
3rd party A/R into our product lines.
I wasn't trying to introduce a reputation system into the algorithm.
I'm not even sure whether reputation or accreditation will prevail when
we get to that at some point in the future. The questions you raise are
exactly why we don't want to go down that rathole.
-Jim
_______________________________________________
ietf-dkim mailing list
http://dkim.org