[ietf-dkim] DKIM Threat Analysis v0.06
Dave Crocker
dhc at dcrocker.net
Fri Aug 12 07:18:20 PDT 2005
> > * What are we trying to prevent them from doing?
> >
> The focus on 'bad actors' is a somewhat limited view in my opinion but I
> understand the culture of the security area in IETF needs it done this way.
> It's difficult to answer that question in part because what we are trying to
> do is *empower the domain owner* in my view - not handcuff the 'bad actors'
It seems likely that, in the long run, signing will primarily be done by good
actors, rather than bad actors. (However it is interesting to note that the
*current* use of SPF apparently is about 90% by spammers...) So, yes, at a
minimum we probably need to have clear and complete language about what we are
trying to do to empower them.
> per se. If I can assert some measure of control over who uses my domain
> this has value in and of itself.
why?
how?
The rest of your text in this paragraph was about broad effects. I think we
need to describe lower-level, more-mechanical effects.
d/
---
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net
More information about the ietf-dkim
mailing list