On Apr 29, 2006, at 4:23 PM, John R Levine wrote:
The text for the r= parameter indicated that as the number
increases, the recommended annotation levels made by the signer
also increase.
Indeed, but we still have no idea how that translates into making a
reputation decision.
The r= parameter would allow the signer to assist the recipient in
distinguishing between well vetted, and poorly vetted sources.
Without this parameter, or a similar mechanism, the use of different
signing-domains would be needed to make such distinctions. The use
of different domains represents a very bad practice that would
further enable message spoofing. The increased use of similar domain
names would erode the recipient's ability to recognize who they are
trusting. The r= parameter permits a consolidation of sources having
various levels of vetting, while still permitting the signer to offer
guidance which sources have undergone minimal vetting and retain
trust for select sources.
Even when "trust" annotations are limited to signing-domain's trusted
by the recipient, the recipient should also be able to exclude
messages from receiving "trust" annotations when the signer also
warns that the source has not been well vetted. Having a mechanism
for the signer to indicate which messages are from well vetted
sources overcomes risks associated with the recipient's inability to
recognize purported originating email-addresses contained within the
message.
Message annotation will become critical when international domain
names and local-parts are commonly used. DKIM does not require that
signers exclude messages because an email-address domain is different
from that of the signing-domain. It should also be acceptable that a
trusted signing domain differs from that of an email-address
contained within the message.
The assurance being made by the signer has _nothing_ to due with
reputation. This r= parameter relates to annotation
recommendations made by the signing domain for a particular message.
Oh, in that case, I have no interest in r values less than
infinity, and I don't think anyone else should, either. If a
signer isn't prepared to take responsibility for the mail they
sign, they have no business signing it.
A signer can be highly responsible and _still_ sign messages from
poorly vetted sources. Otherwise, most email could not be signed. A
signer indicates who is accountable and who should disable abusive
accounts when abuse is reported. A signing domain may be very
responsible, and yet sign messages from poorly vetted sources. The
r= parameters permits these responsible domains to sign "trusted"
messages and to also sign less trustworthy messages. It is not
practical to consider all signed messages represent a uniform level
of trustworthiness, or that the recipient can distinguish purported
originating email-addresses. The need for trust is important,
especially when some messages request various actions that would be
highly dangerous when acted upon from less trustworthy sources.
Annotation is already required to assist the recipient distinguishing
which messages are signed. This same annotation can also warn when
the source of the message has been poorly vetted by the signer.
How can a responsible signing domain better protect their recipient's
than by using an r= parameter?
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html