On Wed, 8 Jun 2005, Daniel Golding wrote:
Reputation is a missing element in all sender authentications schemes and will (likely) be solved separately.
No approach is perfect, but building closer to a solution is preferred over sitting on our hands and debating, which (historically) seems to be the IETF's approach.
You miss the point. Reputation is already widely being used today - every blocklist is a reputation system and we have lots of those for mail server reputation and for network reputation and for domain names there is SURBL All those are of course "bad reputation" lists and John wants to see good reputation lists, but it can only happen once authorization is used, but initial technologies are there. For when something more complex is needed there is in fact siq being developed at ASRG http://www.ietf.org/internet-drafts/draft-irtf-asrg-iar-howe-siq-01.txt so what is really needed are people willing to come to asrg and work with authors on R&D (with emphasis on "d" part) and if it does not work well than ASRG will look at something else. -- William Leibzon Elan Networks william@elan.net