ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-23 20:29:54
On August 23, 2005 at 20:06, Dave Crocker wrote:

 Should a forwarder (e.g. college alumni permanent address service) have

 the same level of accountability as the originating domain (the domain
 that received the initial submission of a message)?

 I don't see why not.  If they're sending me mail, they should be
 accountable, and if it's spam, I'm not happy about it. 

Let's remember that the primary role for this signature is as input to a 
delivery filtering process.  So the nature of the 'accountability' is inheren
tly 
narrow.

I thought the primary role was to authenticate an identity.

Any "accountability" should be explicitly defined.

Whoever is signing is injecting mail into the handling service.  They are 
responsible for the traffic they generate.  It does not matter where they 
get their messages from; they are choosing to create traffic.

So you are saying that organizations like CPAN, SourceForge, Savannah,
college alumni, et. al., will now have to spend resources dealing
with abuse complaints and the other things that come with signing
DKIM messages?  Even if these entities do not originate the messages
themselves, but just function as a "hop" during transmission?

--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org

<Prev in Thread] Current Thread [Next in Thread>