John L wrote:
> The third is "<foo> signs all my mail", if it turns out that there
> actually exist foo's that are reliable enough to delegate one's signing,
> and that it's easier to do that than to sign in the MUA or to provide
> signing keys so that foo can put on the sender's signature.

Outsourcing for mail sending is already common, so it seems likely that delegating signing would be, too.

But my question is why it is better to have a "delegation of my domain" scheme rather than simply having the outsourced sending do its own signature and then use its domain name for evaluating its own reputation.

If it is a Good Actor, then it shouldn't need to rely on the domain name of the content author. If it is a Bad Actor, then relying on the domain name of the content author would merely wind up hurting the content author.

> So my suggestion would be to use a format similar to the one we use for
> the signatures, put the first two items in the spec, and use a syntax
> that permits people to experiment with new items and propose the useful
> ones for later standardization.

Something this minimalist does indeed seem like the best approach:

1) standardize a publication mechanism for an extensible list of practices; and

2) include a tiny number of extremely interesting practices to publish, to seed the effort.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
