On Jan 31, 2006, at 4:07 PM, J.D. Falk wrote:
On 2006-01-31 15:20, Douglas Otis wrote:
2. the "spammers have co-opted DomainKeys wtf omg" story was
last year:
http://www.eweek.com/article2/0,1759,1732576,00.asp?kc=EWNKT0209KTX1K0100440
Re #2, the sky has not yet fallen.
By the same token, this story points out that basing reputations
upon an authenticated DKIM signature is also a mistake.
Reputations can only be based upon a "trusted" signing-domain.
I'd word that statement a bit differently, but either way I think
this horse has been sufficiently beaten. No need to beat it again.
While it may not be possible to retain trust for a population of users
within a domain as a whole, a "trusted list" would provide a safe
means to mark messages as trustworthy. Segmenting the domain's
population could preserve trust for select users within the domain,
much like an OS "group" property. Maybe this could be a binary flag
to simplify listings.
While the nature of a domain's diverse users may result in the domain
being generally "Not Trusted", a special assertion may be able to
retain trust for a group of users. This could be done with a Group
ID within the key perhaps. This could allow Group ID "trusted"
messages to receive a "Trusted" marking within a domain that would
otherwise not be able to retain a level of trust as a whole. Being
able to use the same domain name may result in less confusion for
users being instructed that their system has a problem, for example.
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org