I really don't like paragraph two of the introduction:

Once the attesting party or parties have been established, the recipient may evaluate the message in the context of additional information such as locally-maintained whitelists, shared reputation services, and/or third-party accreditation. The description of these mechanisms is outside the scope of this effort. By applying a signature, a good player enables a verifier to associate a positive reputation with the message, in hopes that it will receive preferential treatment by the recipient.

If the A/R issue is out of scope, then there is no need to refer. This introduction has laid the groundwork as to HOW one may deem what is good or bad - reputation. Yet, the intro lacks any introduction of SSP, which is currently the primary mechanism to establish the assurances of the protocol as it is discussed throughout the document, as well as any threats against it. It is the basis for much of the threat discussions, yet there is no reference or introduction to SSP as an essential part of the protection scheme used to address threats.

Instead, we have what is supposed to be an "out of scope" A/R discussion throughout the document. The truth is, it is not out of scope. A/R discussions are found throughout the entire document as an essential idea, technology or what have you to resolve many of the issues. We even have a TOC index for Reputation but not SSP. Go figure. Doesn't make sense. What do you guys want?

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
ietf-dkim mailing list
http://dkim.org
