On Aug 15, 2005, at 1:24 PM, Earl Hood wrote:
On August 15, 2005 at 09:53, Douglas Otis wrote:
The term "responsible for the message" gives the impression of
authorship. How about "accountable for permitting the submission of
the message (by an unknown author)"?
According to Webster, "responsible" and "accountable" are basically
interchangeable.
With confusion regarding what is implied by the verification of the
DKIM signature, DKIM proponents must be careful about making claims
regarding content or authorship. DKIM does not discern whether a key
has been delegated, whether content has been reviewed, and whether
users are limited to specific mailbox-addresses. While various
ancillary assertions regarding a mailbox-domain may mandate specific
signing domains, DKIM must not make assurances regarding content or
authorship, or how the message is processed.
While these two terms "responsible" and "accountable" are similar,
"responsible" tends to connote involvement with content or
authorship. Whereas, "accountable" tends to connote being held
accountable for their client's actions. Much as parents are held
accountable for their children's actions. The child could still be
considered responsible for their own deeds by the parent, but the
parent must still bear the burden of any misdeeds.
I think your second sentence hits a key point, "What form of
responsibility does a signer take when it signs a message?". Is it
responsible for allowing the submission of the message? Is it
responsible for the contents of the message? Both?
It may not be the content of the message that is abusive, but rather
the number. DKIM should be seen as establishing a hierarchy of
accountability. This hierarchy improves effectivity of abatement
efforts by involving fewer entities. Unlike S/MIME or OpenPGP, the
resolution for accountability remains at the domain. By limiting the
resolution of accountability, the ability of DKIM to scale and enjoy
wide deployment is greatly improved. All efforts to include more
than just the domain must be steadfastly resisted.
Taking responsibility on the submission of a message is different
than responsibility of its contents.
Said differently, being accountable for the submission of messages is
different than being responsible for the message's content. Not
caring about the message's content still allows DKIM to offer great
value.
BTW, as DKIM is currently defined, a DKIM signature may not be by the
party that allowed initial submission of the message. DKIM either
needs stronger binding semantics, or it needs to limit when signing
can be done.
Anytime a message is signed, message accountability should be
considered anew. The chain of accountability (or trust) is from the
signer to the recipient. The signing domain is held accountable for
those messages it submits, who in turn should hold their clients
accountable messages reported as abusive. DKIM establishes a clear
hierarchy of accountability.
Adding multiple signatures would not be as effectives as a general
rule of not resigning the message when possible. It seems rather
foolish to be placing these monkeys on your back.
-Doug
_______________________________________________
ietf-dkim mailing list
<http://dkim.org>