Hallam-Baker, Phillip wrote:

> I fail to see your point here.
>
> Anyone can deploy DKIM, there is nothing unfair about the DKIM architecture.

it artificially changes the relative value of domain names. it makes them more like brand names, where you have to work to build a domain's reputation in order to get people to trust it. it means that domains which are associated with large user communities with a good reputation will be more trusted than domains with small user communities, even when those domains are equally diligent. in that way DKIM favors the interests of large concerns over small ones. so it's not surprising that several large concerns backed it. but that doesn't mean it's a good thing for the Internet as a whole.

> The 'unfairness' that you appear to be complaining about is that DKIM solves a problem that only targets a relatively small number of Internet domains, although the effects of that attack are seen by everyone.

indeed, DKIM might help address the phishing problem, if that's what you're talking about. and large concerns are disproportionally affected by phishing. but ultimately I think there's only a small chance of DKIM helping the phishing problem much, because of user interface issues and because there are lots of ways to fool people into thinking that they're responding to a FemtoSquishy email without having femtosquishy.com in the From address or signature.

> Impersonation of a trusted brand is always going to assist a social engineering attack if this is possible. I do not understand the ideological calculus under which we should do nothing to protect consumers against attacks of this nature because we can't all have a trusted brand.

using DKIM to discourage phishing is a different use case than using it to authenticate to IETF lists. just because it might work well for the former (if indeed it does) does not mean it can be relied on to work well for the latter.

Keith

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf