[ietf-dkim] Review of draft-fenton-dkim-threats-01
lear at cisco.com
Sat Oct 29 13:50:01 PDT 2005
> I'm not sure if that argument requires a plan to build a reputation
> system. However, if the argument is going to be such that a reputation
> system is required, then, considering that that's probably the
> hard bit, I would tend to think that such a plan would be useful, no?
Useful? Yes. Is it something the IETF should do? I doubt it. It
strikes me that is the province of vendors at this point. After all,
what would the IETF standardize right now? A mother-may-I protocol?
How would it differ from a DBL? Is this something SOMEBODY should do?
Absolutely. And we know it will be done because it is being done already.
But let me also say that even without reputation the system is still
useful in stopping phishing attacks. So much so that you recently saw a
note from folks at ebay explaining why this would be useful to them even
if a reputation system was never developed.
More information about the ietf-dkim