On Aug 4, 2006, at 8:34 AM, John L wrote:
>> Part of the problem here is the past record of SPF with over-
>> zealous 550 if there's any hint of bogosity. We, for example,
>> would be forced to take down a "we sign everything" policy if that
>> were to happen with DKIM -- even though we'll be signing
>> everything pretty soon. If there were a qualifier in the "I sign
>> everything policy" that specifically implies that sending a 550
>> based on a missing DKIM signature alone is extremely bone-headed
>> then maybe we can both.
>
> I don't see the point. That last suggestion is, to the recipient,
> the equivalent of a useless "I sign some mail" since you're telling
> the recipient it's OK to accept some amount of both signed and
> unsigned mail.

John,

In your zeal for simplicity, you appear to be missing valid uses for
a policy statement. Mike correctly indicates a potential problem.

Think of the signing domain as representing a newspaper. When the
editor of this newspaper allows reporters to be liars, there would be
primarily less trust in the newspaper. The first party, from a trust
aspect, is the newspaper's editor. By the same token, it should not
be a requirement that all reporters share the same last name as that
of the editor. Reporters should be allowed an easy means to appear
in other newspapers. To facilitate this, reporters should be
provided a means to indicate what newspapers carry their stories. A
reporter may need to indicate that they freelance where other
newspapers not listed may also carry their stories.

When a reader wonders whether the story they are reading in some
unknown newspaper is really by the reporter they believe it to be,
the reader could check the list of newspapers published by the
reporter. There can be three outcomes:

1 - If the newspaper is on this list, then the reader has greater
    confidence in who wrote the story.

2 - If the newspaper is not on this list, and the list is marked
    as being complete, then the reader would know that the
    story is not likely by this reporter.

3 - If the newspaper is not on this list, and the list is marked
    as not being complete, then the reader would then need to
    investigate the reputation of the newspaper's editor.

There is value in having a list marked incomplete. Perhaps a small
population of readers will find the reporter's story in an unlisted
newspaper. In these cases, the reporter would rather have the
reputation of the newspaper's editor checked. Without being able to
mark the list incomplete, a reporter may find their story dismissed.
This can be especially damaging when the reporter does a fair amount
of freelancing.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html