On Mar 7, 2009, at 6:19 PM, Suresh Ramasubramanian wrote:

> On Sun, Mar 8, 2009 at 7:47 AM, Hector Santos
> <[email protected]> wrote:
>> Suresh Ramasubramanian wrote:
>>> Most of ADSP has been, so far, an attempt to introduce (sometimes
>>> ridiculously) fine grained reputation scoring for vendors, and
>>> clients of vendors.
>>
>> Can you explain where in the specification this is stated?
>
> Not the spec. The majority of the use cases I have seen proposed
> for it, on the other hand ..

ADSP's current definition of Author Signature is not compatible with what might become typical DKIM signing practices utilizing opaque i= values. Requiring two signatures is a needless waste of resources. DKIM i= values can help mitigate abuse when the number of problematic i= values is limited. A limited number of problematic i= values should not be seen as ridiculous. There is already a fair amount of DKIM replay abuse, where i= values could play a meaningful role. An alternative strategy might attempt to limit DKIM domains to specific SMTP clients, but that would make the email less robust.

>> I hope the WG chairs will help keep the WG focus of the prize - an
>> IETF standard policy layer/protocol for DKIM and not allow out of
>> scope reputation ideas to ruin it once again as it did for SSP the
>> past years.
>
> If you call them out of scope where that's going to be their single
> largest intended application .. well, you are technically right I
> guess. Practically ... ? That's another question.

The challenge is to discuss these issues, especially when everyone has a different opinion about what might be a practical mitigation strategy.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
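The incompatibility between Author Signature and opaque i= values raised in the message above, as an added example that is not part of the original post or of any DKIM implementation. It assumes the Author Signature rule compares the signing identity (i=, or @ plus d= when i= is absent) with the From address, including the local-part when i= carries one; the header values, `example.com` and all function names are constructed for illustration.

```python
from email.utils import parseaddr

def parse_tags(sig_value):
    """Parse a DKIM-Signature tag=value list into a dict (whitespace removed)."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, _, value = part.partition("=")
            tags["".join(name.split())] = "".join(value.split())
    return tags

def signing_identity(tags):
    """Return (local_part, domain) of i=, defaulting to '@' + d= when absent."""
    ident = tags.get("i", "@" + tags["d"])
    local, _, domain = ident.rpartition("@")
    return local, domain.lower()

def is_author_signature(sig_value, from_header):
    """Assumed rule: domains must match; if i= has a local-part, it must
    also equal the local-part of the From address."""
    local, domain = signing_identity(parse_tags(sig_value))
    _, addr = parseaddr(from_header)
    a_local, _, a_domain = addr.rpartition("@")
    if domain != a_domain.lower():
        return False
    return local == "" or local == a_local

# Constructed sample input: signature header values with placeholder hashes.
FROM = "Alice <alice@example.com>"
BASE = "v=1; a=rsa-sha256; d=example.com; s=sel1; h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER"
SIG_NO_I = BASE                                   # i= defaults to @example.com
SIG_USER_I = BASE + "; i=alice@example.com"       # i= names the author
SIG_OPAQUE_I = BASE + "; i=tok-7f3a91@example.com"  # opaque per-account token

def classify_all():
    """Map each sample signature to whether it counts as an Author Signature."""
    samples = {"no_i": SIG_NO_I, "user_i": SIG_USER_I, "opaque_i": SIG_OPAQUE_I}
    return {name: is_author_signature(sig, FROM) for name, sig in samples.items()}

if __name__ == "__main__":
    for name, ok in classify_all().items():
        print(f"{name:9s} author signature: {ok}")
```

Under that assumed rule the opaque-token signature is valid DKIM but does not qualify, so a signer who wants both the token and ADSP compliance has to add a second signature.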
