On 11/16/2005 16:32, Douglas Otis wrote: > On Nov 16, 2005, at 12:47 PM, Stephen Farrell wrote: > >> A claim made in the charter of detecting spoofing depends upon a > >> comparison of the signing-domain with the email-address domain. > > > > There is no such absolute claim that I can see in the draft > > charter [1]. > > The charter still offers justification for pursuing constraints on > the email-address. That aspect should be removed from the charter > and deferred to permit broader consensus independent of the DKIM > effort. In the meantime, the base DKIM can developed and deployed. > > To offer a comprehensive solution for sites where transactional email > is being commonly spoofed, a BCP should be created perhaps in > cooperation with the APWG. Several criteria could then be applied, > where one should include DKIM signatures. The fastest effective > response to the ongoing problem would be to dedicate a zone and list > those domains that indicate they are in compliance in the BCP. We or > others could offer that service as a means to expedite DKIM > development. : ) > That just sounds like substitution of a single centralized list of domains wishing to impose a very restrictive SSP. I think your solution would fall within the charter as written.
Personally, I don't think it's a better way to solve the problem, but rather than engineer the solution into the charter language, why don't we just get chartered and then do the work? Scott K _______________________________________________ ietf-dkim mailing list http://dkim.org
