On 14/11/22 22:03, Laura Atkins wrote:
Does it make sense to add in a brief discussion of ‘responsibility for
the message'? As I see it, responsibility implies able to do something
against the originator of the message or act to stop the message if it
turns out to be a problem. If it’s your customer and the mail is going
out over your network you can disconnect them. If the mail isn’t going
out through your network, you have very little control and if you
don’t have control can you really be responsible?
This seems desirable, even if it's likely to be contentious, not least
because the word "responsibility" is itself ambiguous:
* In fact a signer can not literally be responsible once a copy of the
signed message is handed to someone else as the signer has no way of
responding (exerting any useful control) once that's happened. The
signer's responsibilty is really about deciding whether to sign and
ends at that point.
* The word is frequently used to instead mean something like culpable
after the fact, i.e. they're not responsible for taking some
corrective action after the fact, but can reasonably be harmed for
it e.g. to motivate better behaviour up front.
I'd suggest that the current level of ambiguity isn't helpful because it
invites different readers to project incompatible assumptions about
what's actually intended.
- Roland
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim