> Roughly we need to consider how DKIM is used, not just define a
> technology. We need to talk about bad uses of DKIM as soon as we
> are aware that they are sufficiently likely that they are worth
> considering.

Here's a concrete suggestion: it is clear that the bad uses of DKIM people have mentioned are a subset of the bad uses of STARTTLS.

I have seen concerns that third party reputation lists might be used to create walled gardens or closed networks with DKIM. This is not just a theoretical risk with STARTTLS. People have already done exactly that, since TLS, unlike DKIM, already includes the facilities for third parties to indicate which keys they like and which ones they don't. And the TLS world is dominated by a single signer whose signing policies are opaque.

So how about if we simply reuse the warning language about STARTTLS from RFC 3207? If that's not adequate, do we need to write similar warnings about STARTTLS?

R's,
John