[ietf-dkim] Reputation trusted layers is out of scope

[Michael Thomas]

Hector Santos wrote:

>----- Original Message ----- 
>From: "Stephen Farrell" <stephen.farrell at cs.tcd.ie>
>To: <ietf-dkim at mipassoc.org>
>
>
>  
>
>>Folks,
>>
>>If there are other things Mike should be doing with reqs-01 that
>>haven't been said on the list, now is probably a good time to
>>raise them (in a new thread).
>>    
>>
>
>I'm taking your off list advice and posting this here:
>
>[Offlist]
>
>Hector wrote:
>
>My only concern about all this is that the process has been hijacked 
>by those who believe a REPUTATION LAYER is the only solution to be 
>used with DKIM-BASE.   I'm afraid the requirements will be written in a 
>way to water down any strong SSP consideration. Evidence of that is req 
>#10 and the provisional considerations that the authors themselves 
>don't believe in.
>  
>
Speaking as all of the authors in question:

  10.  [PROVISIONAL] A domain holder MUST be able to publish a Practice
        which enumerates the acceptable cryptographic algorithms for
        signatures purportedly from that domain.

           [INFORMATIVE NOTE: this is to counter a bid down attack; some
           comments indicated that this need only be done if the
           algorithm was considered suspect by the receiver; I'm not
           sure that I've captured that nuance correctly]

I'm sure that I have no clue as to what nefarious intentions um, we,
had in mind here. As always, it would be helpful to be specific about
actual wording changes and/or showing wide support for new requirements.

		Mike