> [mailto:[EMAIL PROTECTED] On Behalf Of Dave Crocker
> > 2. I think that the passive/active difference involves a > > superset/subset relationship. That is, I think that the > active begins > > with the statements made in the passive mode, about the > sender/signer, > > but extends them to tell the evaluator how to use those statements. I think that we need strong policy but that there is no place for active statements. A 'strong policy' in my book is simply a passive statement that when read by the receiver means that it is overwhelmingly likely that the majority of receivers will reject mail without proper authentication. I don't think that strong policy can be written today, policies will only become strong over time as the Internet email infrastructure adapts to DKIM and the mail filters gain the necessary confidence to implement more restrictive rules. The barrier to entry for issuing strong policy is pretty high for many. Until most mailing lists are fixed you probably have to implement a separate mail system to allow mailing list mail to bypass the mail filter. I don't think that many people are going to do it without good reason as John suggested earlier. We could implement the token in mail address scheme I described as a pop extension. User wants to subscribe to a mailing list, they ask their email client to subscribe them, it asks the mail server for a mailing address for the list. The pop server calculates one using a shared secret. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
