On May 26, 2011, at 12:02 PM, Murray S. Kucherawy wrote:
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of John R.
Levine
Sent: Thursday, May 26, 2011 6:40 AM
To: Ian Eiloart
Cc: DKIM List
Subject: Re: [ietf-dkim] DKIM Scouts, was 8bit downgrades
Mailing lists have worked quite well for 40 years with no signatures at
all, making all sorts of random changes to the mail, so it has to be
something more than that.
Applying the same logic: Email in general has been fine without DKIM for 40
years, so why do we need it?
Thinking in abstract terms: If you accept the premise that DKIM delivers a
validated domain name as its payload, and that domain name represents an ADMD
that takes "some" responsibility for a message, then it's not clear to me why
one would claim it's not valuable to have two responsible parties instead of
just one. You can then evaluate both of those names and decide if either of
them, or perhaps the combination of them, warrant additional filtering or,
instead, priority handling.
The question really is: How valuable is this? Or put another way: Is it
worth the work to make the two identities available instead of only that of
the MLM? I suspect the answer is "yes" as it can only improve your accuracy.
The only remaining issue is how hard it will be to make that happen, and
whether or not the payoff is big enough to offset the pain. That, I think,
is the real thing that needs to be evaluated.
In my experience with traditional discussion MLMs (which is the situation we're
talking about) if I trust the MLM, I generally don't care about who the
participants are.
While you're absolutely right that in this case having identities of two
responsible parties (original author and MLM) is more valuable than one (MLM).
But I think the increase in value is somewhere between marginal and negligible,
so unless it comes "for free" it's probably not that interesting to try and do.
And when we're talking about DKIM identities it's definitely not something that
will be easy to do (it may not even be possible without seriously compromising
either DKIM's promises or an MLMs usability).
Now, those are abstract terms. When argued in terms of passing an author
signature through an MLM given modern realities, it does indeed sound like
it's not worthwhile, because in that particular context you're not likely to
see the stuff you want to filter coming via such paths in the first place.
But now invert that thinking. Let's say your domain manages to acquire a
positive reputation, but now you and I are on a re-signing MLM whose domain
has no reputation or maybe even a slightly negative one. Your reputation
could trump that of the list, or could improve that of the list by your
participation in it, at least from my perspective. But for that to happen,
your signature has to survive.
The value of traditional MLMs is the discussion, rather than the individual
post. The quantum of value is the thread, rather than the email.
If the reputation of the MLM is poor enough that mail from it is not being
delivered, trumping that with an authors reputation may get individual emails
delivered - but not threads, so it doesn't really improve the value provided to
the recipient (it probably decreases it - a mailing list that delivers one in
ten posts to my inbox is less useful than one that delivers none at all).
I don't think that's a concept that should be discarded out of hand just
because MLMs have been the way they are for a long time and they're in the
way of such innovations. Updating them even a little might enable a host of
useful new applications.
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html