ietf-mailsig

Re: Proposals Re: DoS and Replay protection for message signatures

2005-08-03 04:28:53

On Wed, 3 Aug 2005, Amir Herzberg wrote:

> Would you reduce reputation if you get multiple signature verification
> failures? Up to throwing messages without validating signatures? I think
> that's what you (and Tony) suggest.

I wasn't talking about the basis of a domain's reputation, just when a
recipient can do the reputation check in order to minimize resource
usage.

Doug talks about trying to do this before being committed to the DATA
transmission stage, but I think that's out of scope of DKIM or at least
extending DKIM to support it is of marginal utility, since as he points
out the EHLO and MAIL FROM identities are likely to overlap substantially
with the DKIM id which lets you do this anyway. This is a quality-of-
implementation issue rather than a standards issue, and is speculative
until we have reputation databases.

(I don't have much to say about Doug's key revocation issues.)

Tony.
-- 
f.a.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
GOOD.
