Re: bozoproofing the net, was The Value of Reputation

>   If such agreement cannot be reached, then I think
> DKIM has much more serious problems about applicability and the
> definition of the problems being solved than whether or not this
> is required.
John,

Unfortunately what you appear to be saying is that you are certain of serious 
problems, and  are happy to assert them as a barrier to progress -- after all, 
you want to insist that a requirement for dealing with your fears be included as 
a chartered deliverable -- but you do not feel compelled to provide a solid 
basis for these fears.
Before imposing requirements on an IETF effort, one should make a pragmatic case 
for it.  At base, the case you have so far made is that the reasonable mechanism 
of DKIM might get mis-used, just as any other reasonable mechanism might be.
You keep implying that it is somehow a mysterious and big deal to have a 
voluntary, validated identity associated with message transit.
It isn't.

And the real fear that we all should have is that it is being characterized as a 
bigger deal than it is, including that its supposed "dangers" are vast and unknown.
Let's start with something simple and useful, John:

   Are there technical deficiencies in the current DKIM specifications?

If there aren't, then please cite previous IETF work that requires worrying 
about unknown, future abuses and imposes those fears as a barrier to chartering.
d/

--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf