Murray S. Kucherawy wrote:
Graham Murray
claims to do the opposite. What it does provide is assurance of
acceptance of liability for messages which are signed. ie if a message
is DKIM signed, the signer cannot later claim "It was nothing to do with
me, it must have been a forgery"
+1
Moreover, I think we tread on dangerous ground when we make assertions
in any direction that are legal rather than technical.
Yet there is exist an assertion of an ambiguous legal term that raise
more questions than not about the potential risk factors for a signing
service or organization can assume with a blind responsibility for the
signing of a domain for any message.
We're about as expert in law as we are in MUAs, which is to say
"not at all".
Speak for yourself.
There are those with commercial product development, legal and
liability understanding to have very keen realistic view of the
concept and a quick grasp for have a legitimate concern for the
"responsibility" term in DKIM. It is a closer reality than what you
are expressing.
DKIM is an unprotected protocol and it is NO position to suggest to
anyone that it can assume a responsibility that can easily by
violated. As you ready to take BLAME for a poor signing of a faulty
message that can predictably harm an END-USER based on added
DKIM-based confidence by yet another 3rd party? I don't think so.
We have MUAs in the market place and for nearly 30 years. Do You?
Mind you, one doesn't really need to have direct MUA design
experiences to gain good insight and understanding and input. Gods
know, you think you now more than others regardless your silly
statement. But the fact remains, whether you care or not, there are
some here that do have real MUA product design experiences.
Have a good day
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html