Eliot Lear <[EMAIL PROTECTED]> writes: > Eric, > > Thank you for your comments. > >> Indeed, if what you wanted to do >> was stop message forgery as a general case, you would have to >> consider the issue of forgery by other authorized users in >> the same administrative domain, which generally leads to an S/MIME >> style solution. > > While it is true that a wide deployment of S/MIME may limit forgery, > it is perhaps not the only way, and so let me suggest that where you > say "generally" we are now outside that realm.
I'm not sure I understand this statement. > Here the problem is broken into several parts: verification that a > message came from an administrative domain and verification within the > administrative domain. Mechanisms exist within an administrative > domain to verify identity of a sender. Those methods can be > improved. Dramatically, IMHO. But that needn't be something for DKIM. > > To tackle *spam*, reputation must be considered. That needn't be done > by DKIM but it must be done. I haven't seen a strong argument that > the reputation component should be done within the IETF, as no > protocol requirements to do it have been identified. What is clear is > that reputation cannot be considered without something like DKIM. > > Would you agree or disagree with the above statements? I agree that you can't build a reputation system without some form of data origin authentication. It seems to me that the form of data origin authentication being proposed here is principally useful for this kind of reputational anti-spam system, not for solving the generic data origin authentication problem. Accordingly, I think that this project needs some sort of plausible argument about how it will be useful for stopping spam. I'm not sure if that argument requires a plan to build a reputation system. However, if the argument is going to be such that a reputation system is required, then, considering that that's probably the hard bit, I would tend to think that such a plan would be useful, no? -Ekr _______________________________________________ ietf-dkim mailing list http://dkim.org
