[ietf-dkim] Some responsibility

[Hector Santos]

Murray S. Kucherawy wrote:

>> Graham Murray
>> claims to do the opposite.  What it does provide is assurance of
>> acceptance of liability for messages which are signed. ie if a message
>> is DKIM signed, the signer cannot later claim "It was nothing to do with
>> me, it must have been a forgery"
> 
> +1
> 
> Moreover, I think we tread on dangerous ground when we make assertions 
> in any direction that are legal rather than technical.

Yet there is exist an assertion of an ambiguous legal term that raise 
more questions than not about the potential risk factors for a signing 
service or organization can assume with a blind responsibility for the 
signing of a domain for any message.

> We're about as expert in law as we are in MUAs, which is to say 
> "not at all".

Speak for yourself.

There are those with commercial product development, legal and 
liability understanding to have very keen realistic view of the 
concept and a quick grasp for have a legitimate concern for the 
"responsibility" term in DKIM. It is a closer reality than what you 
are expressing.

DKIM is an unprotected protocol and it is NO position to suggest to 
anyone that it can assume a responsibility that can easily by 
violated.   As you ready to take BLAME for a poor signing of a faulty 
message that can predictably harm an END-USER based on added 
DKIM-based confidence by yet another 3rd party?   I don't think so.

We have MUAs in the market place and for nearly 30 years.  Do You? 
Mind you, one doesn't really need to have direct MUA design 
experiences to gain good insight and understanding and input.  Gods 
know, you think you now more than others regardless your silly 
statement.  But the fact remains, whether you care or not, there are 
some here that do have real MUA product design experiences.

Have a good day

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com