[ietf-dkim] Not exactly not a threat analysis
Keith Moore
moore at cs.utk.edu
Wed Aug 17 09:54:45 PDT 2005
> At 15:30 15-08-2005, Earl Hood wrote:
> >Care must be taken that no accountability is assumed on behalf of
> >the signer on the desirability of the message. The signature just
> >states that a given message passed through their system.
>
> Even if DKIM Signature does not make the signer responsible or
> accountable, some people may infer it.

All the more reason to make the semantics clear, to make assertions of
accountability explicit, and to provide some (informative, not
normative) advice to implementers regarding use of DKIM signatures in
presentation and filtering. There's a huge potential for
misunderstanding, but that comes with the territory.

We might even do well to avoid using the word "Signature" in message
headers and whatnot. The meaning of "signature" in the crypto world is
different from the meaning of "signature" in the paper world.

Keith