- From: James A. Donald <jamesd@echeque.com>
- Date: Mon, 19 Jun 2006 11:23:57 +1000
- To: Amir Herzberg <amir.herzberg@gmail.com>
- CC: public-usable-authentication@w3.org, pbaker@verisign.com
--
James A. Donald:
> > Authentication without reputation management is
> > useless. The purpose of authentication is to
> > support reputation management. DK and SPF are
> > attempting to walk around on one leg.
Amir Herzberg wrote:
> I agree on the importance of reputation and/or penalty
> mechanisms (that's where most of my work in this area
> is). However, I think you are a bit carrying it too
> far. DKIM, and even SPF, allow organizations to use
> whitelisting; that's already valuable (and of course,
> it is also a basic reputation system, so you are not
> wrong
Yes, but I cannot usefully whitelist senders of
authenticated messages either, which means no one has
much incentive to authenticate their mail.
In a previous post, Hallam-Baker, Phillip wrote
: : This is why we began circulating the VeriFied
: : Domains List which has over 100,000
: : authenticated domains listed on it.
If I could whitelist authenticated emails from domains
on his list, plus various random friends and relatives,
that would be useful to me. If lots of people started
whitelisting, then suddenly domains would want to use DK
and SPF.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
VdTVET6A0Z/r3TptDMcvBKZlqs1Wlmedt6d6I20g
4JuH0WpKw+myB69OShDYGfuvGN6Bg/6sPwkaBt/Qw
Received on Monday, 19 June 2006 01:24:03 UTC