[ietf-dkim] Assessing Policy Vs Reputation Assertions
gmail.sant9442 at winserver.com
Thu Oct 15 04:37:19 PDT 2009
Charles Lindsey wrote:
> On Wed, 14 Oct 2009 14:27:01 +0100, John R. Levine <johnl at iecc.com> wrote:
>> No, ADSP adds the ability for senders to make unverified assertions
>> about their signing practices. Unless you already have some
>> knowledge about the domain, you have no idea whether it would be
>> useful to believe it.
> On the contrary, it adds the ability for domain owners to make those
> assertions. Assuming that the domain owner has control of his own DNS
> records, those assertions are as reliable as the reputation of the
> relevant Domain Registrar (you can argue about how reliable that is, if
> you wish).
It sounds like everyone is saying the same thing in different ways.

I like to view it as a failure to detect a positive assertion.

For Policy, the classic "Expect Only Signatures From Me" and you don't
see one is the same as some Reputation concept that says "Mail Signed
by Acme.Com can be trusted" but you also don't see that signature.

In both cases, it's failure detection of Policy and/or Reputation.

Hector Santos, CTO