[ietf-dkim] Not exactly not a threat analysis
domainkeys-feedbackbase02 at yahoo.com
domainkeys-feedbackbase02 at yahoo.com
Wed Aug 24 08:07:45 PDT 2005
--- Michael Thomas <mike at mtcc.com> wrote:
> domainkeys-feedbackbase02 at yahoo.com wrote:
> > To me it's like call-forwarding on your phone. If you get a phone call you
> > don't want, are you going to blame your call-forwarding service for doing
> the
> > job you asked them to do?
>
> Yes, but then there are zombies, open relays, etc, that are
Right. But I think that addresses a different question. Zombies are
accountable, but would they claim to be?
It's more the inverse issue I was thinking about - where you have multiple
parties wanting to claim accountability. What assurance does each party have
that their claim has the right relevance compared to other claims?
If one List signs to indicate that it is accountable for the content and
another signs merely to indicate that the traffic did really get forwarded via
the List - how does a recipient make that distinction and act accordingly?
If that distinction is solely in the hands of the recipient, what instructions
do we give to second-and-subsequent signers about the impact and benefits of
adding a signature?
Mark.
More information about the ietf-dkim
mailing list