Some points:

1) The document is useful as a proof of concept even if it is not necessary to necessarily define a standard for these things.

2) On per-user certificates I think that the real argument here is that in the context of spam and phishing the aggregate reputation is much more interesting than the individual. Distinguishing the behavior of [EMAIL PROTECTED] from *.verisign.com is not very useful where we are talking about the decision to deliver or not. There are cases where this is relevant but I suggest that these are much less common and likely to be a subset in most organizations. For example end user keying might be relevant for professionals at their place of work, I do not see it as being essential for people with a hotmail address.

I think that it is better to make the case for domain based keys in their own right, it is a very strong one and does not depend on attacking end user keys. The best way to deploy end user keys is to begin with domain keys. That allows a thousand or a million users to be added at a time, not one at a time.

3) On the key lengths I think that 1024 is sufficient for transport keys, in fact it is arguable that 512 is acceptable since the factoring time is much much longer than the message validity. On the other hand the effort required to argue for 512 bits is not worth the performance benefit. I would however argue for 2048 bits as a minimum for any new end-user keying scheme and I would want the ability to handle up to 4096 bits.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Douglas Otis
> Sent: Wednesday, September 07, 2005 2:27 PM
> To: IETF-DKIM
> Subject: [ietf-dkim] draft-otis-mass-reputation-02
>
>
> Sorry, those links were restricted it would appear.
>
> http://www.sonic.net/~dougotis/internet-drafts/draft-otis-mass-reputation-02.html
> http://www.sonic.net/~dougotis/internet-drafts/draft-otis-mass-reputation-02.txt
>
> -Doug
> _______________________________________________
> ietf-dkim mailing list
> http://dkim.org
