It does not talk about ANY of the different forms that assessment can take. The current draft uses whitelist, reputation and accreditation is highly constrained ways. None of the words is used in a fashion that represents their full range.That is fairly close to the second paragraph of section 1, although your version doesn't discuss locally maintained whitelists (arguably not a reputation information service) nor accreditation services, both of which also benefit from DKIM. My version doesn't re-emphasize that it is input to such a service, as your last sentence does. I happen to think that is fine, because the sentence they are in is used merely to provide some exemplars. The problem is that we keep seeing readers of the document fall into the same trap that this thread is about. I think the second sentence is fine. Clear, simple, direct, relevant and even correct. Yet people keep trying to raise the spectre of the various assessment concerns. I don't know what to suggest to either prevent it or redirect it. But I class this as an issue of "bullet-proofing" the document rather than "fixing" it. Again, I was responding to a specific point of discussion, here. The discussion here, as with most discussions like it, has its sole focus as being spoofing. That's what people keep citing as the concern.True, but I have been saying that this is a class of Bad Actor that DKIM does not address. I am beginning to see that it should say something about supporting other mechanisms against these bad actors, even though it doesn't itself solve the non-spoofing obnoxious sender (NSOS?) problem. Yet is should not be the only one. But I'll stop now, because the point has certainly been discussed enough, either to establish it or to establish that it won't get established... d/ |
_______________________________________________ ietf-dkim mailing list http://dkim.org
