[ietf-dkim] portable reputation

[Dave Crocker]

John Levine wrote:
>> One thing we hear a lot about in other contexts is reputation
>> portability.  If paypal were to create a new service, it would want
>> to borrow from its reputation.  
...
> Reputation portability is indeed important, but I don't see why one
> would want to implement it by default fuzzy domain matching, with all
> the phish vulnerabilities that opens up, particularly when DKIM
> already provides straightforward workable ways to do it.


Eliot,

Typical discussions about reputation portability have been based on use of IP 
Addresses.  The need for portability is due to being forced to use different 
IP Addresses.  Using domain names as identifiers changes the entire game. For 
one thing, it permits the reputation to be based on a far more stable identifier.

To whatever extent we want reputations to be able to be "portable" we need to 
make sure it does not conflict with desires to keep them separate.

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net