As a follow-up, here is a reason why I think Murray's definition is
better, using a twist on the MUA at ESP2 example:

    Date: Whatever
    From: Joe (Signed by: trustme.com. Click for Details)
    To: Larry
    Subject: Your account is about to expire.

    Signer Details:
        Voucher: ESP2 likes Trustme.com
        Trustme.com has authenticated the following fields:
            From:
            Date:
            To:
            List-ID:

For some stupid reason, the trustme.com signer did not include the
subject to be hash bound to the signature, and we have no idea if the
subject was modified in transit or reception. But since the signer is
not taking responsibility for subject alterations, the user will at
least now have some idea the subject can't be trusted. Without details
like this, the user would not have any idea what could be wrong with
this trusted message.
--
HLS
Hector Santos wrote:
This is the problem with this ambiguous "responsibility" term in DKIM,
and it becomes worse when blame or credit is distributed.
IMO, you can't have it both ways.
Sure, you are saying if unsigned parts are altered or removed, then the
mail is still valid, everything is still A O K. You don't care, you
are not responsible for these unsigned parts and, most important of
all, the message is trusted if the signer is vouched for in some way,
even if all unsigned parts are removed or altered!
But that can only be true specifically because of the hash bound PARTS
you signed and took responsibility for. So in this vein, Murray's
definition sounds logical and technically correct:

    The signer is only accepting responsibility for the authenticity
    of the specific parts it bound to the signature.

That is much clearer than saying:
"The signer takes some responsibility for the message."
when it doesn't care for what has changed in the message payload as it
travels.
Another perspective would be a DKIM ready MUA display.
The MUA at ESP1 displays:

    Date: Whatever
    From: Joe
    To: Larry
    Subject: Bananas
    Signed by: trustme.com

then I can see your viewpoint better. There is something about
the signer that it is claiming some responsibility for the message.
But the MUA at ESP2 displays:

    Date: Whatever
    From: Joe (Signed by: trustme.com. Click for Details)
    To: Larry
    Subject: Bananas

    Signer Details:
        Voucher: ESP2 likes Trustme.com
        Trustme.com has authenticated the following fields:
            From:
            Date:
            Subject:
            To:
            List-ID:

Then Murray is again correct.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
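
The "Signer Details" view discussed in the message above can be derived from the h= tag of the DKIM-Signature header. The following is an added example, not part of the original post or of any DKIM implementation: it reads h= from a constructed message and splits the displayed fields into signed and unsigned. The sample message, its addresses, the selector and the function names are assumptions, and the code assumes signature verification has already passed elsewhere.

```python
import re
from email import message_from_string

# Constructed sample: the signer lists From, Date, To and List-ID in h=
# but leaves Subject out, as in the ESP2 display discussed above.
# bh= and b= are placeholders; no cryptographic verification is done here.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=trustme.com; s=sel1;
 h=From:Date:To:List-ID; bh=PLACEHOLDER; b=PLACEHOLDER
Date: Whatever
From: Joe <joe@trustme.com>
To: Larry <larry@example.org>
Subject: Your account is about to expire.
List-ID: <list.example.org>

body
"""

# Fields the hypothetical MUA shows to the user.
DISPLAYED = ("From", "Date", "To", "Subject", "List-ID")


def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs (folding removed)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def signer_details(raw, displayed=DISPLAYED):
    """Return (signing domain, signed fields, unsigned fields) for display."""
    msg = message_from_string(raw)
    present = [f for f in displayed if msg.get(f) is not None]
    sig = msg.get("DKIM-Signature")  # first signature only
    if sig is None:
        return None, [], present
    tags = parse_tags(sig)
    # Header field names are case-insensitive, so compare in lower case.
    covered = {h.lower() for h in tags.get("h", "").split(":") if h}
    signed = [f for f in present if f.lower() in covered]
    unsigned = [f for f in present if f.lower() not in covered]
    return tags.get("d"), signed, unsigned


if __name__ == "__main__":
    domain, signed, unsigned = signer_details(SAMPLE)
    print("Signed by:", domain)
    print("Authenticated fields:", ", ".join(signed))
    print("NOT covered by signature:", ", ".join(unsigned))
```
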