ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-17 09:58:33
from [Keith Moore] [Permanent Link] 
At 15:30 15-08-2005, Earl Hood wrote:

Care must be taken that no accountability is assumed on behalf of
the signer on the desirability of the message.  The signature just
states that a given message passed through their system.


Even if DKIM Signature does not make the signer responsible or 
accountable, some people may infer it. 


All the more reason to make the semantics clear, to make assertions of
accountability explicit, and to provide some (informative, not
normative) advice to implementers regarding use of DKIM signatures in
presentation and filtering.  There's a huge potential for
misunderstanding, but that comes with the territory.

We might even do well to avoid using the word "Signature" in message
headers and whatnot.  The meaning of "signature" in the crypto world is
different from the meaning of "signature" in the paper world.

Keith
_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] linkage between "originator" and "handling agent", Hector Santos
Next by Date:  Re: [ietf-dkim] Not exactly not a threat analysis, Tony Finch
Previous by Thread:  Re: [ietf-dkim] Not exactly not a threat analysis, Douglas Otis
Next by Thread:  Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore
Indexes:  [Date] [Thread] [Top] [All Lists]