I did a quick read of -overview yesterday and on the whole liked it.
It's a bit rough, lots of spelling/grammar errors, obviously written
by different people, needs sections filled in, etc., but it seemed
like it covered the critical areas. I'll try to read it in more
detail soon.

However, there was one sub-thread between EKR and Eliot that left me
a bit confused:

--On July 11, 2006 10:18:50 PM +0200 Eliot Lear <lear(_at_)cisco(_dot_)com>
wrote:

The owner of the domain name being used for a DKIM signature
is declaring that they are accountable for the message. This
means that their reputation is at stake.

I'm not sure I understand what reputation means in this context.

I believe it would be pedantic to define a commonly used English
word.

I disagree.

1. It's a technical term in the security community, and since
there's no reputation service being proposed..

The language was plainly used. You are, however, raising two
separate issues: use of the term and whether reputation services
are in scope. They are clearly not. However, that doesn't mean
that DKIM cannot be used by such services, and it certainly doesn't
mean that we must never refer to them. This having been said, I
still believe the plain language reading connotes an obvious
meaning.

I thought that the Overview document was supposed to be a
non-normative introduction (ok, "overview") of DKIM: motivations,
context, how the pieces fit together, how it fits into the bigger
picture. If I'm right, then

(1) using "plain English" is just fine, and hence "reputation"
doesn't need a formal (normative) definition; and

(2) reputation /is/ in scope of this document, since it speaks to the
bigger picture.

Have I misunderstood the intent of -overview? If it is to be a
normative document then I will suddenly have a /lot/ of comments....

eric
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html