[ietf-dkim] New DKIM threat analysis draft
Earl Hood
earl at earlhood.com
Wed Oct 12 13:58:26 PDT 2005
On October 10, 2005 at 10:07, "Hallam-Baker, Phillip" wrote:
> I think this problem goes away if we understand the purpose of DKIM to be
> to allow parties to provide the recipient of an email with additional
> information that allows them to make a more efficient and/or more
> accurate determination of whether they are willing to accept it.
What is "the additional information?" As of now, the additional
information has not been clearly defined: is it just a domain
accepting responsibiliy, is it protecting originating identities,
or something else? Past threads have debated on DKIM's scope, but
I have not seen any firm resolution.
Past discussions tend to imply that DKIM mainly provides the ability
for a domain to claim responsibility for a message. If this is the
case, I have not seen a good argument on how this will improve things.
For example, with reputation systems, will DKIM provide a better
(i.e. more effective) reputation system over existing ones (e.g.
network address-based) justifying the cost of deploying DKIM?
--ewh
More information about the ietf-dkim
mailing list