On Jan 26, 2009, at 9:10 PM, Suresh Ramasubramanian wrote:
>
> They represent something more useful in such a context - an
> aggregated identity that helps distinguish reputation in a more fine
> grained way than simply d=largeisp.com .. while not going to the
> ridiculous lengths that several million different values of i= would
> take this line of reasoning.

There will be work involved when dealing with opaque i= values when assessing reputations. Any amount of consolidation of this information will induce a higher degree of collateral blocking. It seems best to keep this an opaque value that the sender fully controls.

Those providing or assessing reputations have the task of isolating i= identifiers currently being abusive. This effort will likely use a temporal set of bad actors within the domain. Providing reputation based upon an opaque value is much safer than using a mail-box address not easily changed once a problem has been corrected to the satisfaction of the signer.

The finer grain the resolution the better; however, for larger domains, this value may represent an account and not a specific email address. This might be the value used to index the account granted access. Not allowing a fine grain i= value will inhibit any practical means to deal with replay abuse, once the DKIM domain becomes the basis for acceptance. The ADSP draft failed to understand how i= might be used, and prevents its practical application.

-Doug

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
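
Added example, not part of the original message or of any DKIM implementation: a sketch of the "temporal set of bad actors within the domain" idea, keyed on the opaque i= value rather than on d= alone. The class and function names, the TTL, and the sample i= values are assumptions made for illustration; signature verification itself is not performed here.

```python
import re

def parse_dkim_tags(header_value):
    """Split a DKIM-Signature value into tag=value pairs, dropping folding whitespace."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def signer_identity(tags):
    """Return (d, i). i= defaults to "@" + d; its domain must equal d= or be a subdomain."""
    d = tags["d"].lower()
    i = tags.get("i", "@" + d)
    i_domain = i.rsplit("@", 1)[-1].lower()
    if i_domain != d and not i_domain.endswith("." + d):
        raise ValueError("i= domain is outside d=")
    return d, i  # i is kept byte-for-byte: it is opaque to the assessor

class TemporalIdentityList:
    """Hypothetical store: i= values reported abusive, each expiring after ttl seconds."""
    def __init__(self, ttl):
        self.ttl = ttl
        self.expiry = {}  # (d, i) -> time at which the listing lapses

    def report(self, d, i, now):
        self.expiry[(d, i)] = now + self.ttl

    def listed(self, d, i, now):
        return self.expiry.get((d, i), 0) > now

def assess(header_value, bad, now):
    """Classify one signature: 'invalid', 'listed', or 'not-listed'."""
    try:
        d, i = signer_identity(parse_dkim_tags(header_value))
    except (KeyError, ValueError):
        return "invalid"
    return "listed" if bad.listed(d, i, now) else "not-listed"

# Constructed sample signatures (b= and bh= omitted; these are not verifiable).
SIG_A = "v=1; a=rsa-sha256; d=largeisp.com; s=sel1; i=acct-7f3a@largeisp.com"
SIG_B = "v=1; a=rsa-sha256; d=largeisp.com; s=sel1; i=acct-02c9@largeisp.com"
SIG_X = "v=1; a=rsa-sha256; d=largeisp.com; s=sel1; i=acct-7f3a@elsewhere.example"
```

Listing one i= value leaves other identities under the same d= unaffected, and the listing lapses on its own once the TTL passes.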