Re: r= for instilling good domain-name practices

On 2006-04-28 10:10, Douglas Otis wrote:

> : The r= parameter is defined by the signer as a simple number
> : of 0-9, where 0 is the default offering the lowest reliance
> : level.  To ensure control in the case of MUA signing, this r=
> : parameter in the signature MUST always be less than or equal
> : to the key r= level.  If there are no r= parameters found in
> : the key, the highest r= parameter allowed in the signature
> : would be r=0.  An instance where the key r= parameter is less
> : than that of the signature, the signature is invalid.

One signer's r=3 might connote a level of verification equivalent to 
another signer's r=8.  So as a recipient, I'd have to keep track of the 
domain, the selector, AND the r value...even though I'll be making my 
reputation decision based entirely on criteria of my own choosing.  So, 
I might as well just ignore the r value.

You're trying to fit reputation policy -- which is a sociopolitical 
issue -- into a technical standard.  A peg of infinite dimensions into a 
hole of intentionally finite dimensions.  The likelihood that it'll fit 
is infinitely small.

--
J.D. Falk, Anti-Spam Product Manager
Yahoo! Communications Platform Team