I don't see the need for the group to consider this at all. There will be messages that have various numbers of signatures. If people find that additional signatures are unnecessary they will not check them, if they are not checked people will stop adding them. If on the other hand people discover they are useful they will use them.
I do not see the value of attempting to anticipate the market here. The only mistake we can make here is to try to pre-empt a choice that should be left to the market. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Wednesday, August 24, 2005 4:06 PM > To: [email protected] > Subject: Re: [ietf-dkim] Is accountability singular? > > > --- Jim Fenton <[EMAIL PROTECTED]> wrote: > > > >In short, will signers be left in the dark wrt how relevant their > > >particular accountability claim is to subsequent recipients? > > > > > > > > Mostly. When reputation services arise a signer will be > able to check > > their reputation. > > > > >Should signers give directions to forwarders not to sign, > so as not > > >to taint the "author" accountability? Seems like sometimes > you might > > >want that, sometimes you might not. > > > > > > > > I don't see how a forwarder's signature would ever taint > the "author" > > accountability, unless the forwarder breaks the original > signature. Can > > you explain? > > Email1 is signed by "Author" and arrives directly > Email2 is signed by "Author" and arrives via a signing forwarder. > > Mike's post seems to suggest that the additional identity > available via the second signature is useful extra input to a > filtering system, thus the output of a filter could be > different for Email1 and Email2 - all other things being equal. > > So it appears that a signing forwarder could impact the > outcome of a filter and one such impact could be negative. > > I think this creates a dilemma for second-signers. Does their > signature add value or subtract? Importantly, will they be > treated as the responsible party or won't they? Do they want > to be the responsible party or don't they? No one knows and > at best we may offer guidance. > > In the face of such a dilemma, I speculate that a significant > number of potential second-signers may take the easy path and > actively avoid signing if the email already has a responsible > party. After all, why generate work? > > My point? Second-signers aren't core to DKIM and they > currently have little motivation and no obligation to add > themselves into the responsibility and identity chain. Even > conscientious second-signers might conclude that they have no > way to determine whether they are doing more harm than good. > > As it stands, the first-signer has strong motivation, the > mechanism is well defined and the identity of the responsible > party is clear. The second-signer has weak motivation, the > mechanism is proving troublesome and the identity of the > responsible party is muddied. > > I'm not convinced that we should expend effort on > second-signers until we're more certain of the cost/benefit. > > > Mark. > _______________________________________________ > ietf-dkim mailing list > http://dkim.org > > _______________________________________________ ietf-dkim mailing list http://dkim.org
