[ietf-dkim] Some responsibility
hsantos at isdg.net
Mon Nov 1 11:02:29 PDT 2010
Murray S. Kucherawy wrote:
>> Graham Murray
>> claims to do the opposite. What it does provide is assurance of
>> acceptance of liability for messages which are signed. ie if a message
>> is DKIM signed, the signer cannot later claim "It was nothing to do with
>> me, it must have been a forgery"
> Moreover, I think we tread on dangerous ground when we make assertions
> in any direction that are legal rather than technical.
Yet there is exist an assertion of an ambiguous legal term that raise
more questions than not about the potential risk factors for a signing
service or organization can assume with a blind responsibility for the
signing of a domain for any message.
> We're about as expert in law as we are in MUAs, which is to say
> "not at all".
Speak for yourself.
There are those with commercial product development, legal and
liability understanding to have very keen realistic view of the
concept and a quick grasp for have a legitimate concern for the
"responsibility" term in DKIM. It is a closer reality than what you
DKIM is an unprotected protocol and it is NO position to suggest to
anyone that it can assume a responsibility that can easily by
violated. As you ready to take BLAME for a poor signing of a faulty
message that can predictably harm an END-USER based on added
DKIM-based confidence by yet another 3rd party? I don't think so.
We have MUAs in the market place and for nearly 30 years. Do You?
Mind you, one doesn't really need to have direct MUA design
experiences to gain good insight and understanding and input. Gods
know, you think you now more than others regardless your silly
statement. But the fact remains, whether you care or not, there are
some here that do have real MUA product design experiences.
Have a good day
Hector Santos, CTO
More information about the ietf-dkim