On Jan 26, 2009, at 9:10 PM, Suresh Ramasubramanian wrote:
They represent something more useful in such a context - an
aggregated identity that helps distinguish reputation in a more fine
grained way than simply d=largeisp.com .. while not going to the
ridiculous lengths that several million different values of i= would
take this line of reasoning.
There will be work involved when dealing with opaque i= values when
assessing reputations. Any amount of consolidation of this
information will induce a higher degree of collateral blocking. It
seems best to keep this an opaque value that the sender fully controls.
Those providing or assessing reputations have the task of isolating i=
identifiers currently being abusive. This effort will likely use a
temporal set of bad actors within the domain. Providing reputation
based upon an opaque value is much safer that using a mail-box address
not easily changed once a problem has been corrected to the
satisfaction of the signer. The finer grain the resolution the
better, however for larger domains, this value may represent an
account and not a specific email address. This might be the value used
to index the account granted access. Not allowing a fine grain i=
value will inhibit any practical means to deal with replay abuse, once
the DKIM domain becomes the basis for acceptance.
The ADSP draft failed to understand the how i= might be used, and
prevents its practical application.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html