ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-24 20:17:40
Sorry, I did not mean that the exact policies and enforcement rules
of accountability should be defined, but what is meant by being an
"accountable identity".

That's exactly what we shouldn't define.

Exactly.

When I see the term "accountable" all kinds of implications pop in my
head, including legal ones.  For example, if I sign a message, could
I then be prosecuted if the message is involved in criminal activity?

How the heck should we know?  We're network engineers, not politicians.
For that matter, I'm a network engineer and a politician and I don't
know either.  It entirely depends on what the law says, what the message
says, under what circumstances you signed the message, and a dozen other
things.  Law is not software, and attempts to treat it as software never
produce useful results.

"Never" is a tough word to live up to, but I actually think it might apply
here.

To me, something like "authenticating the originating domain identity"
provides a clear indication of what is being identified without getting
into the murky area of "accountability".

That would be fine if that's what DKIM did, but it's not.  It allows a
domain to say "we're accountable for this message" without it having to
claim to be the orignator.  For reasons already hashed out at great
length, that's an essential difference.

Right again. There's nothing murky about the attachment of an identity to a
specific message that DKIM provides.

                                Ned
_______________________________________________
ietf-dkim mailing list
http://dkim.org