ietf-dkim

Re: [ietf-dkim] Is accountability singular?

2005-08-24 13:10:28
--- Jim Fenton <fenton(_at_)cisco(_dot_)com> wrote:

>> In short, will signers be left in the dark wrt how relevant their particular
>> accountability claim is to subsequent recipients?
>
> Mostly.  When reputation services arise a signer will be able to check
> their reputation.
>
>> Should signers give directions to forwarders not to sign, so as not to taint
>> the "author" accountability? Seems like sometimes you might want that,
>> sometimes you might not.
>
> I don't see how a forwarder's signature would ever taint the "author"
> accountability, unless the forwarder breaks the original signature.  Can
> you explain?

Email1 is signed by "Author" and arrives directly
Email2 is signed by "Author" and arrives via a signing forwarder.

Mike's post seems to suggest that the additional identity available via the
second signature is useful extra input to a filtering system, thus the output
of a filter could be different for Email1 and Email2 - all other things being
equal.

So it appears that a signing forwarder could impact the outcome of a filter and
one such impact could be negative.

I think this creates a dilemma for second-signers. Does their signature add
value or subtract? Importantly, will they be treated as the responsible party
or won't they? Do they want to be the responsible party or don't they? No one
knows and at best we may offer guidance.

In the face of such a dilemma, I speculate that a significant number of
potential second-signers may take the easy path and actively avoid signing if
the email already has a responsible party. After all, why generate work?

My point? Second-signers aren't core to DKIM and they currently have little
motivation and no obligation to add themselves into the responsibility and
identity chain. Even conscientious second-signers might conclude that they have
no way to determine whether they are doing more harm than good.

As it stands, the first-signer has strong motivation, the mechanism is well
defined and the identity of the responsible party is clear. The second-signer
has weak motivation, the mechanism is proving troublesome and the identity of
the responsible party is muddied.

I'm not convinced that we should expend effort on second-signers until we're
more certain of the cost/benefit.


Mark.
_______________________________________________
ietf-dkim mailing list
http://dkim.org
