Re: [ietf-dkim] 1365 yes/no

Hallam-Baker, Phillip wrote:
> > Subject: Re: [ietf-dkim] 1365 yes/no
> >
> >
> > On Feb 28, 2007, at 2:23 PM, Stephen Farrell wrote:
> >
> > > issue #1365 calls for eliminating requirement
> > > 6.3.2 which says:
> > >
> > > "   [PROVISIONAL] The Protocol MUST be able to publish a Practice
> > >         which is indicative that domain doesn't send mail."
> > >
> > > If you want to eliminate that requirement say: +1 If you 
> > want to keep 
> > > that requirement say: -1
> +1 its out of charter scope
I've heard you say this a few things, and I've been begging to ask 
because I'm scratching my head over how its out of scope?
This POLICY and among others have been part of the design 
discussions/debates process since the beginning with the original SSP 
specs, the current SSP specs including my own DSAP and most importantly, 
it being already MODELED in published DKIM/SSP open source software.
Not wanting it is one thing, but saying its out of scope, I would 
disagree with that for one simple reason: Bad guys will most likely 
randomly use domains with fasimilies of 3rd party signatures.  If a 
domain doesn't send mail, not only will this policy indirectly protect 
the domain but also directly reduce the abuse on the receiver.
In my view it is extremely powerful policy with a very high payoff.

--
HLS


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html