ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] ADSP: Keep Reputation out of scope

2009-03-08 00:01:01

On Mar 7, 2009, at 6:19 PM, Suresh Ramasubramanian wrote:

On Sun, Mar 8, 2009 at 7:47 AM, Hector Santos  
<hsantos(_at_)santronics(_dot_)com> wrote:
Suresh Ramasubramanian wrote:
Most of ADSP has been, so far, an attempt to introduce (sometimes  
ridiculously) fine grained reputation scoring for vendors, and  
clients of vendors.

Can you explain where in the specification this is stated?

Not the spec.  The majority of the use cases I have seen proposed  
for it, on the other hand ..

ADSP's current definition of Author Signature is not compatible with  
what might become typical DKIM signing practices utilizing opaque i=  
values.  Requiring two signatures is a needless waste of resources.

DKIM i= values can help mitigate abuse when the number of problematic  
i= values is limited.  A limited number of problematic i= values  
should not be seen as ridiculous.  There is already a fair amount of  
DKIM replay abuse, where i= values could play a meaningful role.  An  
alternative strategy might attempt to limit DKIM domains to specific  
SMTP clients, but that would make the email less robust.

I hope the WG chairs will help keep the WG focus of the prize - an  
IETF standard policy layer/protocol for DKIM and not allow out of  
scope reputation ideas to ruin it once again as it did for SSP the  
past years.

If you call them out of scope where that's going to be their single  
largest intended application .. well, you are technically right I  
guess.  Practically ... ?  That's another question.

The challenge is to discuss these issues, especially when everyone has  
a different opinion about what might be a practical mitigation strategy.

-Doug

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>