Doug,
I'm having a problem entering this as an issue. I'm creating a
placeholder called "Does Section 4.1.4 properly address traceability and
accountability?" Please see below.
Douglas Otis wrote:
---[D: Overlooking a practical solution while also recommending a
highly unfair solution.]
,---
|4.1.4. Chosen Message Replay
|
| ... One approach to this problem is for the
| domain to only sign email for clients that have passed a vetting
| process to provide traceability to the message originator in the
| event of abuse.
'---
Unless there is an expectation that individuals obtain their own
certificates from a trusted authority, individual reputations on a
cost-free email-address would be completely futile and unfair as DKIM
does not necessarily verify the valid use of an email-address anyway.

I don't see why you went here. Use of certificates is certainly one
valid approach but it is not the only one. Within an enterprise it
should be possible to impose policies in conjunction with simpler
mechanisms such as DKIM to get traceability. Once again, one size does
NOT fit all. Especially if the message is protected. Remember,
deciding whether something is spam generally does not involve a single
input but instead involves many.
Eliot
_______________________________________________
ietf-dkim mailing list
http://dkim.org