Arvel Hathcock wrote:
>
> What I'd like to know is whether Dave's view has any support
> or not. There are many people who haven't commented on this topic.
>

I believe that message signatures have value in themselves. While that value can be enhanced, depending on such things as the relationship of the signer to the sending domain, or the assessment of the trustworthiness of the signer, these enhancements build on the basic presence of a verifiable signature.

Local policy can also be used to manage the extent to which trust is extended to signatures where the domain of the signing entity is not the same as (or a sub-domain of) the originating address, or to messages that are not signed when the bulk of messages from that originating domain are signed. Even usage over time allows any signature to acquire a degree of trust without any other external reference, much as happens with other communications channels (e.g. postal, phone).

Provided the DKIM standard specifies suitably flexible mechanisms for extension, then other value-adding services and alternatives can be combined with the basic signature to make its deployment more useful and probably more cost-effective.

It would be ideal if the working group can produce some of these additional components as well as the basic signature mechanism. However, it appears as though there is still a lot of substantive discussion to get agreement on these items, and meanwhile, the basic signature standard is languishing. Perhaps taking a first step would be productive.

--
James

_______________________________________________
ietf-dkim mailing list
<http://dkim.org>
