At 15:30 15-08-2005, Earl Hood wrote:
Care must be taken that no accountability is assumed on behalf of
the signer on the desirability of the message. The signature just
states that a given message passed through their system.

Even if DKIM Signature does not make the signer responsible or
accountable, some people may infer it.

All the more reason to make the semantics clear, to make assertions of
accountability explicit, and to provide some (informative, not
normative) advice to implementers regarding use of DKIM signatures in
presentation and filtering. There's a huge potential for
misunderstanding, but that comes with the territory.

We might even do well to avoid using the word "Signature" in message
headers and whatnot. The meaning of "signature" in the crypto world is
different from the meaning of "signature" in the paper world.
ietf-dkim mailing list