Eliot Lear <[EMAIL PROTECTED]> writes: > Eric, > >> I'm not sure if that argument requires a plan to build a reputation >> system. However, if the argument is going to be such that a reputation >> system is required, then, considering that that's probably the >> hard bit, I would tend to think that such a plan would be useful, no? > > Useful? Yes. Is it something the IETF should do? I doubt it. It > strikes me that is the province of vendors at this point. After all, > what would the IETF standardize right now? A mother-may-I protocol? > How would it differ from a DBL?
All good questions, but to the extent to which DKIM's usefulness depends on the answers, I think they need to be addressed first. > Is this something SOMEBODY should do? > Absolutely. And we know it will be done because it is being done > already. By whom? > But let me also say that even without reputation the system is still > useful in stopping phishing attacks. So much so that you recently saw > a note from folks at ebay explaining why this would be useful to them > even if a reputation system was never developed. I understand that people believe this to be the case. However, given that phishing basically depends on either domain name confusion or domain name hijacking, I don't consider that there have been particularly strong arguments made for why it would in fact help (this goes back to my comments on the draft). -Ekr _______________________________________________ ietf-dkim mailing list http://dkim.org
