ietf-dkim

Re: accept, deny, or other delivery decisions (was Re: [ietf-dkim] SSP= FAILURE DETECTION)

2006-09-11 20:46:03

On Sep 11, 2006, at 8:08 PM, Scott Kitterman wrote:

On Monday 11 September 2006 22:38, Steve Atkins wrote:
On Sep 11, 2006, at 7:07 PM, Hector Santos wrote:
----- Original Message -----
From: "Douglas Otis" <dotis(_at_)mail-abuse(_dot_)org>

- Inconsistent results.

Either the signature is valid or it is not.  This does not depend upon policy
...
Can you be a bit more specific about what you mean by inconsistent results?

I was referring to the "Dark Secret" model that Mr. Falk and Mr. Atkins were
thinking about, such as:

    Result = DKIM-BASE + REPUTATION

This has the potential to be different depending on which receiver and its
non-standard reputation layer.

You seem to be deeply confused as to what "reputation" is. Every
receiving MTA, and possibly every recipient, will have a different
view of a signer's reputation.

Given that, expecting everyone to have exactly the same result
when they apply their reputation model to an email that's authenticated
from a given author is obviously nonsensical.

OK, then I'm confused because I think that you and Hector are saying
essentially the same thing in your message and his that you replied to.

Hector asserts that "inconsistent results" is a risk with respect to signing.

His reasoning behind that is that every recipient's decision on
whether to accept or reject mail is based on several factors, including
the sender's reputation, and that that reputation will vary.

That has nothing to do with whether the mail is signed or not (though
reputation-based filtering is likely to be drastically more accurate with
mail that is signed). Unsigned mail is also going to be delivered, or
not, depending on many things, including the reputation of the sender.

So describing "inconsistent results" as a "risk of signing" seems
something of a non-sequitur. Or possibly I'm misunderstanding,
in which case I'm sure Hector will expand on the issue, with a
clearer explanation of what he means and some concrete
examples.

Cheers,
  Steve
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
