On Sat, 2005-07-23 at 23:52 -0700, Dave Crocker wrote:
no one can tell how the reputation services for CSV will operate, [...]
I would hope that reputation services accessed with CSV's DNA are not "for"
CSV.
[...]
The identity that CSV covers is the administrator of a host name that is
cited
by the client SMTP. More simply, CSV involves the identity of an MTA
operator.
well, perhaps. it seems to me that the CSV-DNA spec is a bit
schizophrenic on this point. it makes sure there will be no future
conflicts with similar schemes for other services (e.g., HTTP servers),
but on the other hand it's specifically tailored to client SMTP
("_VOUCH._SMTP" etc.). the EHLO domain name can be chosen relatively
arbitrarily, and you should be careful not to claim that reputable use
of the EHLO name extends to other services. the method of ascertaining
the name is an inextricable part of the authenticated identity.
more relevant to the discussion, if DNA can be applied to identities
established with mechanisms other than the implied CSV-CSA, this MUST in
my humble opinion be tagged in the accreditation record with a service
different from "MARID", and as such the interpration will be out of
scope for the CSV-DNA specification. we do not want to (potentially)
repeat the MAIL FROM vs. PRA mistake, do we?
as the two reputations in CSV aren't connected, it is safe to say that
the recovery will be quick...
No doubt my confusion is from not reading this thread carefully enough, but I
do
not know what "two" reputations are being referenced. CSV deals with one
identity, namely the host name provided in the client smtp's helo/ehlo
command.
the scenario was that a domain owner had chosen an e-mail provider with
bad reputation for its MTA name. if the domain owner switches e-mail
provider, the new provider's MTA name will be completely independent,
and the domain owner's sent e-mail will instaneously be rid of the bad
reputation.
At some point, having detailed discussion about a specification ought to
presume
that participants have read the specifications.
I'm sorry, I have only read the specifications, and have not followed
the discussion on mailing lists. I guess I should jump in and ask for
clarifications to the text where I feel it's needed.
--
Kjetil T.