I don't see the need for the group to consider this at all. There will
be messages that have various numbers of signatures. If people find that
additional signatures are unnecessary they will not check them, if they
are not checked people will stop adding them. If on the other hand
people discover they are useful they will use them.
I do not see the value of attempting to anticipate the market here. The
only mistake we can make here is to try to pre-empt a choice that should
be left to the market.
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of
domainkeys-feedbackbase02(_at_)yahoo(_dot_)com
Sent: Wednesday, August 24, 2005 4:06 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Is accountability singular?
--- Jim Fenton <fenton(_at_)cisco(_dot_)com> wrote:
In short, will signers be left in the dark wrt how relevant their
particular accountability claim is to subsequent recipients?
Mostly. When reputation services arise a signer will be
able to check
their reputation.
Should signers give directions to forwarders not to sign,
so as not
to taint the "author" accountability? Seems like sometimes
you might
want that, sometimes you might not.
I don't see how a forwarder's signature would ever taint
the "author"
accountability, unless the forwarder breaks the original
signature. Can
you explain?
Email1 is signed by "Author" and arrives directly
Email2 is signed by "Author" and arrives via a signing forwarder.
Mike's post seems to suggest that the additional identity
available via the second signature is useful extra input to a
filtering system, thus the output of a filter could be
different for Email1 and Email2 - all other things being equal.
So it appears that a signing forwarder could impact the
outcome of a filter and one such impact could be negative.
I think this creates a dilemma for second-signers. Does their
signature add value or subtract? Importantly, will they be
treated as the responsible party or won't they? Do they want
to be the responsible party or don't they? No one knows and
at best we may offer guidance.
In the face of such a dilemma, I speculate that a significant
number of potential second-signers may take the easy path and
actively avoid signing if the email already has a responsible
party. After all, why generate work?
My point? Second-signers aren't core to DKIM and they
currently have little motivation and no obligation to add
themselves into the responsibility and identity chain. Even
conscientious second-signers might conclude that they have no
way to determine whether they are doing more harm than good.
As it stands, the first-signer has strong motivation, the
mechanism is well defined and the identity of the responsible
party is clear. The second-signer has weak motivation, the
mechanism is proving troublesome and the identity of the
responsible party is muddied.
I'm not convinced that we should expend effort on
second-signers until we're more certain of the cost/benefit.
Mark.
_______________________________________________
ietf-dkim mailing list
http://dkim.org
_______________________________________________
ietf-dkim mailing list
http://dkim.org