ietf-mailsig

RE: ] Replay attacks and ISP business models

2005-08-05 08:08:13

This "bad-list" lookup would have a minor impact as a negative
result.  This lookup would not need to be made when the HELO is with
the signature's domain.  A user-key lookup would likely be just as
frequent due to DNS cache concerns.  At least with the
revocation-identifier there could be a method to eliminate the lookup
in most cases.  A bad identifier could be safely given a long time to
live as well.

From the point of view of getting DKIM chartered I think it is probably
sufficient to note that schemes of this type have existed in the past
and were very successful until the majority of spammers began to modify
each message.

There were two principal weaknesses in DCC, the first was the tactical
problem of defeating hashbusting, the second was that it was vulnerable
as a censorship scheme.

DKIM eliminates the hashbusting problem but the censorship issue is
still there. My confidence in Vernon's ability to solve it is in no way
enhanced by his habit of reporting people as spammers because he simply
didn't like them.

If DCC is going to work there has to be accountability for the
moderators. Otherwise you get issues like people signing up for MoveOn
or the Drudge Report for the sole purpose of reporting posts as spam.

From a timing point of view this is a second order problem, it is
dealing with the spammer response which is unlikely to appear until DKIM
is widely deployed. I think it is a good thing to start building
prototypes to meet the anticipated attack but far too soon to think
about a formal standards process.


One area we might want to anticipate DCC-like schemes though would be in
advice to mailing list software to offer the option of signing the
message for each recipient rather than signing the message once and for
all. This would avoid or at least reduce the censorship problem.

