On October 12, 2005 at 17:01, "Arvel Hathcock" wrote: > > If the identity being validated has little, to no, > > intrinsic "worth", then nothing is gained. > > I think I'm missing the point. How can you assess the "worth" or an > identity absent a conclusive understanding of what/who the identity is?
Let me restate: A value of an identity cannot be determined until you know what entity represents and what role the entity plays. The core email specifications (RFC-(2)82[12]) defines various identities and the role they play. Some identities have more "value" over others. For example, many see rfc2822.From fairly valuable since it allegedly represents the author(s) of the message, hence the desire to protect it in various anti-forgery-type technologies. With DKIM, the current goal-du-jour is to associate an accountable domain to a message, independent of the identities asserted in the message itself (although SSP does provide some bindings to email identities). The problem is the role of the domain is not designated, or it is fixed, implying that the domain played some role in the transmission of the message: the originating domain has the same level of accountability as a forwarding domain as does a secondary backup exchange. In order to provide a better assement on the value of a DKIM domain identity, it would help to know the role it played in the transmission of a message. For example, an originating domain signature may have a different weighting by recipients from a forwarding domain signature when determining if the message is acceptable. Of course, this also feeds into potential reputation systems, but some domains may be put under higher scrutiny based upon the role they played. --ewh _______________________________________________ ietf-dkim mailing list http://dkim.org
