[ietf-dkim] Is accountability singular?

[Michael Thomas]

domainkeys-feedbackbase02 at yahoo.com wrote:
> --- "Hallam-Baker, Phillip" <pbaker at verisign.com> wrote:
> 
> 
>>As to whether accountability is binary or not, of course there are
>>shades of grey. There is always going to be a probability that the party
>>cannot be held accountable.
> 
> 
> Ug. What a terrible choice of words I made. I meant to ask whether there can
> usefully be multiple accountable parties for an email. I struggle to understand
> how a recipient could usefully use that information _consistently_.
> 
> I like the "author" but I don't like the forwarder? I like the forwarder, but I
> don't like the "author"?
> 
> What about thee accountable parties, "author", first forwarder, List?
> 
> What about five accountable parties...

The one thing that the Bayesian experience has shown is that
machine-learned patterns can be pretty good at picking out
the wheat from the chaff. So yes, it seems at least plausible
that multiple identities as input to some sort of statistical
function might be helpful. I don't happen to think that that's
the primary benefit of DKIM, but as a side benefit it seems
like a not bad outcome in the more-information-better domain.

> Sure, we can conjure up some cases where two _might_ be useful to a subset of
> interested recipients, but even then is the plan to let each
> implementor/recipient decide on the relevance of each accountable party or will
> their be guidance, BCP, standards?

Well, we pretty much have a situation where there's absolutely
no standardization of filtering now. I'm going to guess that
you don't see that as being in need of standardization even
if it does lead to bad outcomes in some cases (outcomes
that are at least fate-shared with the receiver).

> In short, will signers be left in the dark wrt how relevant their particular
> accountability claim is to subsequent recipients?

Can it be otherwise? I mean, signers can't dictate how a
receiver will use their signature, RFC, BCP or no.

		Mike