Re: bozoproofing the net, was The Value of Reputation

> Roughly we need to consider how DKIM is used, not just define a
> technology.  We need to talk about bad uses of DKIM as soon as we
> are aware that they are sufficiently likely that they are worth
> considering.

Here's a concrete suggestion: it is clear that the bad uses of DKIM
people have mentioned are a subset of the bad uses of STARTTLS.

I have seen concerns that third party reputation lists might be used
to create walled gardens or closed networks with DKIM.  This is not
just a theoretical risk with STARTTLS.  People have already done
exactly that, since TLS, unlike DKIM, already includes the facilities
for third parties to indicate which keys they like and which ones they
don't.  And the TLS world is dominated by a single signer whose
signing policies are opaque.

So how about if we simply reuse the warning language about STARTTLS
from RFC 3207?  If that's not adequate, do we need to write similar
warnings about STARTTLS?

R's,
John
