[ietf-dkim] Reputation trusted layers is out of scope
mike at mtcc.com
Mon Aug 28 09:49:36 PDT 2006
Hector Santos wrote:
>----- Original Message -----
>From: "Stephen Farrell" <stephen.farrell at cs.tcd.ie>
>To: <ietf-dkim at mipassoc.org>
>>If there are other things Mike should be doing with reqs-01 that
>>haven't been said on the list, now is probably a good time to
>>raise them (in a new thread).
>I'm taking your off list advice and posting this here:
>My only concern about all this is that the process has been hijacked
>by those who believe a REPUTATION LAYER is the only solution to be
>used with DKIM-BASE. I'm afraid the requirements will be written in a
>way to water down any strong SSP consideration. Evidence of that is req
>#10 and the provisional considerations that the authors themselves
>don't believe in.
Speaking as all of the authors in question:
10. [PROVISIONAL] A domain holder MUST be able to publish a Practice
which enumerates the acceptable cryptographic algorithms for
signatures purportedly from that domain.
[INFORMATIVE NOTE: this is to counter a bid down attack; some
comments indicated that this need only be done if the
algorithm was considered suspect by the receiver; I'm not
sure that I've captured that nuance correctly]
I'm sure that I have no clue as to what nefarious intentions um, we,
had in mind here. As always, it would be helpful to be specific about
actual wording changes and/or showing wide support for new requirements.
More information about the ietf-dkim