On Tue, 19 Oct 2010 16:23:39 +0100, John R. Levine <jo...@iecc.com> wrote:
>> good signature -> good message. >> >> Don't you mean >> >> Good signature -> authenticated message (that is, someone >> accepts responsibility) I think it needs to mean Good signature -> authenticated message (that is, someone accepts responsibility, where "someone" is identifiable at least to the extent of being or not being the domain in whatever From: is shown). > > When I said good, I meant credible, not just one that mechanically > validates. I hope that we all agree that a signature from a domain about > which one knows nothing is not usefully different from no signature at > all. A reputation service can only say that a domain is BAD GOOD or NO EVIDENCE AVAILABLE EITHER WAY. I think the last case has to be treated pretty much like GOOD, otherwise newcomers to the internet will never even get their messages accepted. There might be some merit in a repuation service responding with DOMAIN CREATED WITHIN THE LAST 15 MINUTES although even that should have been "Domain first used within the last 15 minutes", except I cannot see how a reputation service coulr know that. -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Web: http://www.cs.man.ac.uk/~chl Email: ...@clerew.man.ac.uk snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html