> > But first we need to do *anything at all* that is useful. .... > > As of today, there is no standardized transit-time message authentication > > technique. If we can produce a standard that permits validating ANY > > identity > > with a signed message, we will have created a stable base for all sorts > > of enhancements. > > Perhaps, but a stable base for future enhancements that will actually have > some utility is not, I would think, something useful.
You seem to have missed the "but first" paragraph. > Unless the output of this putative group would at least enable a receiver to > reject a 'bad' message or have more confidence in a 'good' message there is > no incentive for either senders or receivers to deploy. for some definitions of good messages and bad message. > It would seem to me that there is a necessary tie between the identity being > signed, some e-mail identity that end uses actually see, and some type of > sender policy declaration that would allow receivers to have some idea how > to interpret the presence, absence, and validity of signatures. Quite a bit of useful filtering is done today that does not require the end-user to participate directly and does not involve knowing the sender's "policies" and does not require using the rfc2822.from field. d/ --- Dave Crocker Brandenburg InternetWorking +1.408.246.8253 dcrocker a t ... WE'VE MOVED to: www.bbiw.net _______________________________________________ ietf-dkim mailing list <http://dkim.org>
