[ietf-dkim] list vs contributor signatures, was Wrong Discussion
dhc at dcrocker.net
Fri May 28 13:26:28 PDT 2010
On 5/28/2010 12:07 PM, Jeff Macdonald wrote:
> But I'd like to see if I understand the difference your are trying to
> highlight between a manually maintained list and a self published
There is a key semantic difference which, I believe, makes for a key difference
In a manually maintained list, there is an independent assessment of what domain
names are worth worrying about. (The independence is from the owner of the
domain. The assessment might be by a third part or it might be by the recipient.)
The owner-based list is a statement by the domain owner, themselves, of what
domains the recipient should handle in a particular way.
An important problem with this latter model is how noisy it is. Both the domain
owner and the transmission process introduce significant errors.
By contrast, the former model can incorporate a conformance metric into the
decision whether to list the domain.
> Manually, there is confidence in understanding the
> ramifications. Self published (ADSP) there is no assurance in the
> understanding of the ramifications.
Right. That's true, as well as the difference in the basis for the entry.
> Therefore the data collected from
> one method is not applicable to the other? The end result (discarding)
> would somehow end up different?
I am increasingly suspecting that ADSP's real benefit is in avoiding false
positives, rather than the false negatives as we've always discussed. This is
predicated on the importance of that "which domains should I care about?" manual
More information about the ietf-dkim