On Tue 07/Jul/2020 19:08:48 +0200 Jim Fenton wrote:
On 7/6/20 6:15 PM, Douglas E. Foster wrote:
About credible mediators:
You are right that if an inbound email gateway believes a Mediator is
credible, then all that is necessary is for the Mediator to prove his own
identity. But what is the mechanism by which a Mediator obtains the trust
of the email gateway? And by what mechanism does the Mediator know that the
email gateway has determined it to be credible?
My proposal is largely a simpler (I think) alternative to ARC for assessing
transformations. ARC also requires that the recipient's verifier have some
trust relationship with the mediator, perhaps through an as-yet undefined
reputation system.
The phrase /secret sauce/ is sometime used to refer to methods used to
establish MTA reputation. The need to keep ingredients secret is due to the
ill-defined nature of the problem, whereby reputation can be gamed if its
mechanisms are known. That's why it is, and will be, as-yet undefined.
IOW, ARC is useful to a restricted number of large providers who are able to
maintain a reliable reputation system. Do they need a simpler alternative?
Murray's reversible transforms proposal is yet another approach that does not
require trust to the same degree.
Right, a deterministic method.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
