ietf-dkim

Re: [ietf-dkim] Some responsibility

2010-10-31 02:50:38
Hector Santos <hsantos(_at_)isdg(_dot_)net> writes:

> I would go further to suggest to remove the usage of the term
> "responsibility" from the DKIM specification altogether!
>
> Why?
>
> DKIM is in no position today to provide any assurance to or for anyone to
> be indemnified from liabilities.

I agree that it does not provide indemnity, but it does not claim to; it
claims to do the opposite.  What it does provide is assurance of
acceptance of liability for messages which are signed, i.e. if a message
is DKIM signed, the signer cannot later claim "It was nothing to do with
me, it must have been a forgery".

> With an unprotected raw Domain Signing protocol layer, all it does is
> give a potential plaintiff weight for a claim of "willful Negligence"
> when everything was done by the plaintiff to protect a domain (i.e.
> using ADSP) and a DKIM compliant receiver INTENTIONALLY ignored ADSP
> (on purpose) creating a situation where an end-user was HARMED due to
> the receiver's NEGLECT of a highly detectable malicious spoofed DKIM domain.
>
> I never like the usage of the term "responsibility", especially when there
> was a lack of a focus to protect exclusive domain signed messages from
> abuse.

Yet that is *not* what the original is saying. It is saying that the
signing entity is claiming responsibility for (valid) *signed*
messages. It says nothing about either accepting or rejecting
responsibility for messages which do not have a valid signature.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
