[ietf-dkim] Handling the errata after the consensus call
michael.adkins at corp.aol.com
Mon Mar 9 07:33:32 PDT 2009
> I would agree with you that valid signatures still require help in the
> area of positive reputations. But IMO, failure detection provided
> with DKIM+POLICY is where you don't really need reputation.
> Just consider reputation is already widely in practice in many forms.
> Many believe that good signatures will not trump a bad rap and vice
> a versa, bad signatures will not trump a good rap. So whats the rule
> here? Does reputation trump DKIM/POLICY? Is it don't by weights? Or
> some does certified trusted service govern who is good or bad?
Whether or not you should apply someone's policy declarations is more of
a function of their class than their reputation. You can't assume that
'significant' is the same thing as 'reputable'.
If I think social networks have a reasonable use case for policy
declaration, then it doesn't really matter how heavily one is abused
versus another. I'm going to apply both their policies regardless.
We'll never get anywhere if we keep dragging 'good' and 'bad' into it.
More information about the ietf-dkim