Murray S. Kucherawy wrote:
-----Original Message-----
That's a fairly grandiose expectation. One might also wonder
why law enforcement hasn't managed to stop drug abuse, cybercrime,
or myriad other plagues on society.
Does that mean laws should not exist?
The issue is that the infrastructure of the system allows it,
and I can't even imagine a system that is problem-free given
the nature of the predators and prey in these scenarios.
No one said Policy will end all wars or provide world peace. But I do
know one thing, it has a lot better chance than the Reputation Model
can hope to provide. Reputation does not even care the current ills
of the systems which are highly detectable with Policy.
We just can't get the spammers to set the evil bit on
their mail, alas. It would make things so much easier.
But it doesn't have to Murry and thus why DKIM had a rare high
promising industry revamping contribution to ending all wars and
providing world peace.
You are right, the system allows for it. The #1 problem with bad guys
is the exploitation of the legacy mail operations by simply operating
in legacy mode themselves - in other words - Do Nothing.
DKIM POLICY is a fault Detection concept where policy raises the
legacy email bar using DKIM domain declared signing policy expectations.
So without lifting a finger, DKIM POLICY will immediately address all
bad guys operating in legacy mode. The evil bit is the lack of a
signature itself.
DKIM POLICY will put legacy bad guys in a new predicament they never
had to think about or incentive to do - ADAPT or DIE!
Since DKIM REPUTATION does not deal with faults of the system, the
legacy bad guy market will continue thrive at mail sites using DKIM
REPUTATION only.
You must appreciate that adaptation constitute change and change is an
expense so perhaps not all bad guys will adapt. For those who do,
adaptation would be in:
- Invalid Domain Signatures
- Valid 3rd party Signatures
- Valid 1st party Signatures
DKIM POLICY will immediate address the Invalid Signature Adaptation.
DKIM REPUTATION would not be capable, by design to deal with this
adaptation.
DKIM POLICY would immediate address the valid, but anonymous,
unauthorized 3rd party signer adaptations. DKIM REPUTATION will pan
for gold using independent trust assessment services which the bad guy
is not a member of. I have no idea how you deal with that. Maybe a
DKIM Reputation AI Model based on Neural Network or Bayesian
Classification would emerge and after a 3-5 year warm up period, some
trickle of a return and payoff will emerge.
DKIM POLICY doesn't address valid 1st signatures, so it will depend on
the DKIM Reputation model.
DKIM POLICY offers DKIM a better chance for success than DKIM
REPUTATION can for the primary reason that it addresses a large part
of the problem where CHANGE is not required. That was the beauty of it.
On the other hand, any measurable success for reputation is squarely
dependent on change - but change for GOOD GUYS. It has no concept to
deal the legacy or adaptation for bad guys. DKIM Reputation success
will depend one thing only:
Every domain uses the same batteries.
Of course, the ideal set of Batteries would be:
A monopoly or oligopoly network of trusted assessment
services allowing for consistent GOOD MAIL result
across all DKIM receivers.
--
HLS
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html