----- Original Message -----
From: "Douglas Otis" <dotis(_at_)mail-abuse(_dot_)org>
- Inconsistent results.
Either the signature is valid or it is not. This does not depend
upon policy
...
Can you be a bit more specific about what do you mean by
inconsistent results?
I was referring to the "Dark Secret" model that Mr. Falk and Mr. Akins were
thinking about, such as:
Result = DKIM-BASE + REPUTATION
This has the potential to be different depending on which receiver and its
non-standard reputation layer. Also DKIM-BASE mandates a:
Ignore Failure as it was never signed
so therefore, this model can only apply to a GOOD CITIZEN model. All
failures are ignored including the most obvious of DKIM domain abuse,
direct or indirect.
- Fake it till you make it.
An assured email-address comparing with a retained email-address can
provide comprehensive protections from spoofing. Again, this
protection does not depend upon email-address policy.
Doug, you keep introducing something that is NOT part of the current model
everyone is considering. Even then, you are ignoring the failures too
(i.e., when the retained email address "Address Book" does not exist or you
are dealing with an anonymous sender).
- 3rd party signatures
When a signature can be associated with the email-address, this email-
address can be annotated. Here policy can offer requisite email-
address associations. If not, then no annotations and no resulting
issues either.
Again, same answer.
- Receivers requiring to support multiple "batteries."
The MUA already has an address-book. No batteries required.
It does? What if it's not populated? And if it was, are you going to share
your address book with others? And whose MUA are you going to support?
Yours? Outlook? How about the others?
Again, you are not dealing correctly with the #1 abuse - anonymous senders
at the HOSTING level.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html