Verifiers need a way to get a common trust database.
One idea would to start a IETF Working Group for maintaining an
official standard DKIM-TRUST-BUNDLE.TXT file. For lack of a better
term, call it
DKIMVCT DKIM Verifier Common Trust
The DKIMVCT WG would decide
- Criteria for domain nominations and acceptance
- distribution locations
- methods to automate change/updates
Deciding what domains gets into this list would be a WG nomination and
voting process where every domain would get a chance to nominate a
trust domain and themselves and everyone can express their concerns
and give their +/- 1.
Some good things:
- Official list not in control of a commercial vendor
- IETF exhibits industry wide fairness to all.
- Bad guys will be recognized so they won't dare to try
to get into the IETF official list via this WG.
- ITS FREE!!!
Some Bad Things:
How to see the bad parts here. Very interesting in hearing them.
Overall, we need to get the ball rolling with establishing a protocol
consistent result model for DKIM verifiers if DKIM is going to see a
payoff.
Comments?
--
HLS
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html