In article <4BDFB7D3(_dot_)5010802(_at_)dcrocker(_dot_)net> you write:
I have to agree with Mike (alert the media!) that this seems to be a
solution looking for a problem. There are F2F systems all over the
net, and the amount of spam or hostile spoofage we get from them is
trivial.
But that's not really the issue. The issue is whether and how using
F2F might break end-to-end trust models that are being postulated
when DKIM is used.
It's not whether there is likely abuse but whether the likely trust
will become unenforceable, when it should be enforceable.
The only plausible trust model I've seen is to do good things with
mail that has signatures you have reason to think are virtuous.
Signed F2F works just fine with that.
And indeed, this might be the (or, at least, an) answer to the
concern (except of course for ADSP assertions made too broadly
because it can't cover this scenario.
I have to say that ADSP is having just the pernicious effect that I
feared it would. Its actual utility is very, very narrow, people want
it to do other things, so they start insisting that the rest of the
world redesign itself to match their concept of ADSP. We seem to have
learned nothing from the experience with SPF.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html