On Thu, Jan 29, 2009 at 5:46 AM, Jim Fenton <fen...@cisco.com> wrote:
> Note that I say this is a hint to reputation systems:  Nobody can
> prevent a reputation from using, or trying to use domain only, and one
> can't require that the reputation system will actually pay attention to
> a stable identifier, regardless of how it is expressed (in or with the
> signature).  Reputation systems that do a good job will succeed, and
> those that do a poor job will fail.  Note also that the stable
> identifier would be effectively an additional output of DKIM verification.

Thank you. That's even more reason for this errata doc to express the
view that i= / UAID is metadata that's useful at the sender end (both
during transmission as well as during the analysis of feedback loops,
or other self analysis) and only MAY be considered or checked by
receivers if there's a shared understanding of what it constitutes.

I would even go as far as to say that it need not necessarily be a
stable identifier of the individual author.  And attempts to find a
stable identifier might need to look elsewhere (ok, not the from .. a
brand new x-header perhaps?)
NOTE WELL: This list operates according to 

Reply via email to