ietf-dkim

Re: [ietf-dkim] Some responsibility

2010-11-01 18:36:17
On 11/1/10 6:01 PM, Murray S. Kucherawy wrote:
> -----Original Message-----
> From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
> [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Graham Murray
> Sent: Saturday, October 30, 2010 11:51 PM
> To: ietf-dkim(_at_)mipassoc(_dot_)org
> Subject: Re: [ietf-dkim] Some responsibility
>
>>> DKIM is in no position today to provide any assurance to or for anyone to
>>> be indemnified from liabilities.
>>
>> I agree that it does not provide indemnity, but it does not claim to, it
>> claims to do the opposite.  What it does provide is assurance of
>> acceptance of liability for messages which are signed, i.e. if a message
>> is DKIM signed, the signer cannot later claim "It was nothing to do with
>> me, it must have been a forgery".
>
> +1

+1

Given the fact that DKIM does not require a complex PKI, this means DKIM 
provides an interesting business case for various types of organizations 
(of course, assuming that the organization uses DKIM as it was 
designed). To give an example: recently I spoke with a security officer 
of a big insurance company, about DKIM. He told me that it was very 
important to them to be able to make a statement about mail they send to 
their customers, that is: a statement about the mail as it leaves their 
ADMD, not about how it arrives at the customer. It is sufficient for 
them to be able to show to anyone who might ask them, that they sign 
their outbound mail using decent crypto technology. And if they can do 
so, without having to deploy a full PKI, it makes DKIM an interesting 
technology to them. IMHO DKIM needs these kinds of use case scenarios 
to get wide acceptance.

[Of course, in addition to signing their mail, they probably will want 
to archive their outbound mail including DKIM signature etc., but that's 
not relevant to the discussion here.]

> Moreover, I think we tread on dangerous ground when we make assertions in any
> direction that are legal rather than technical.  We're about as expert in law
> as we are in MUAs, which is to say "not at all".

Agreed.

/rolf
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
