On 11/01/2005 13:59, Arvel Hathcock wrote: > >> Since the people I know involved with DKIM expect it > >> to be plenty useful without third party reputation services, > >> I'm not sure what your point is. > > > > Well, they may expect it to be, but I haven't heard any arguments > > along those lines that I find convincing. > > Really?? If I see a message which is DKIM signed by iecc.com and iecc.com > is on my "DKIM white-list" this is pretty useful info right? I can > probably get away with relaxing or even skipping heuristic spam filtering > on that email with a fair degree of comfort. How is the utility of that in > any way unclear?
If one were making the argument that reputation is essential to DKIM, one might describe your whitelist as a simple reputation system. Since there is so little agreement on what a 'reputation system' is or how to effectively instantiate one based on a reliable identity, I think putting the entire reputation question outside the scope of the proposed WG was a really good idea. Of course, SSP might allow one to make policy based decisions independent of reputation. I find it a bit odd to see what appears to be people saying that we need to get rid of SSP because DKIM needs a reputation system and then accounting the so called need for a reputation system as a weakness of DKIM. Absent SSP (or something like it), then in the broad sense of the word, DKIM does need some kind of reputation system to be effective. I think it's important to get SSP right (we can do that after there is a working group). Scott Kitterman _______________________________________________ ietf-dkim mailing list http://dkim.org
