On Mar 7, 2009, at 6:19 PM, Suresh Ramasubramanian wrote:
On Sun, Mar 8, 2009 at 7:47 AM, Hector Santos
<hsantos(_at_)santronics(_dot_)com> wrote:
Suresh Ramasubramanian wrote:
Most of ADSP has been, so far, an attempt to introduce (sometimes
ridiculously) fine grained reputation scoring for vendors, and
clients of vendors.
Can you explain where in the specification this is stated?
Not the spec. The majority of the use cases I have seen proposed
for it, on the other hand ..
ADSP's current definition of Author Signature is not compatible with
what might become typical DKIM signing practices utilizing opaque i=
values. Requiring two signatures is a needless waste of resources.
DKIM i= values can help mitigate abuse when the number of problematic
i= values is limited. A limited number of problematic i= values
should not be seen as ridiculous. There is already a fair amount of
DKIM replay abuse, where i= values could play a meaningful role. An
alternative strategy might attempt to limit DKIM domains to specific
SMTP clients, but that would make the email less robust.
I hope the WG chairs will help keep the WG focus of the prize - an
IETF standard policy layer/protocol for DKIM and not allow out of
scope reputation ideas to ruin it once again as it did for SSP the
past years.
If you call them out of scope where that's going to be their single
largest intended application .. well, you are technically right I
guess. Practically ... ? That's another question.
The challenge is to discuss these issues, especially when everyone has
a different opinion about what might be a practical mitigation strategy.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html