On Mon, 2005-05-23 at 16:42 -0700, David MacQuigg wrote:
At 05:30 PM 5/23/2005 -0400, Mark Shewmaker wrote:
How does your ID proposal get me reliable knowledge of the exact
definitions of forgery from these three separate parties for these three
separate arguments without use of an additional reputation server that
says I can trust the ID domain's hearsay claim about these other domains?
If the declared ID authenticates, then we have our responsible party.
Why should I care in the slightest that an identified but untrusted
third party is claiming responsibility that the mailfrom is nonforged,
that the helo is unforged, and that the pra is unforged? (Or that it's
telling me something about these domain owners' rules about how to
determine forgeries.)
My primary goals are to detect and reject forgeries.
My secondary goals are to look at the reputation of these three
entities.
ID-type proposals can be useful for helping out reputation computations,
(and I've proposed that sort of thing in various forums), but that's not
the same as figuring out if these things are forged in the first place.
We
don't need the other identities, unless the ID owner expects them to be
checked.
Why should I care what the ID owner (who is trying to claim
responsibility of some sort) wants or expects with respect to forgery
tests?
You keep saying that the ID declaration is hearsay. I don't understand
what you mean by that word.
I referred to "the ID domain's hearsay claim about these other domains".
If the ID is claiming that these other domains are claiming that these
specific things are not forged, then that's hearsay by definition.
If the ID is not claiming that these other domains are claiming that
these specific things are not forged, then it's not helping me in my
goals of determining if the message is forged in those ways.
The record for a declared ID may specify, by the list of methods, what
identities are to be checked.
Why should I care what identities this declared ID wants checked?
As a side note:
It occurs to me that it would be useful if there were
a place where these discussions would be on-topic.
I would ask if you would please set up a mailing list
for discussion of these topics, and then make an
announcement here as to its location.
--
Mark Shewmaker
mark(_at_)primefactor(_dot_)com