Murray S. Kucherawy wrote: >> Graham Murray >> claims to do the opposite. What it does provide is assurance of >> acceptance of liability for messages which are signed. ie if a message >> is DKIM signed, the signer cannot later claim "It was nothing to do with >> me, it must have been a forgery" > > +1 > > Moreover, I think we tread on dangerous ground when we make assertions > in any direction that are legal rather than technical.
Yet there is exist an assertion of an ambiguous legal term that raise more questions than not about the potential risk factors for a signing service or organization can assume with a blind responsibility for the signing of a domain for any message. > We're about as expert in law as we are in MUAs, which is to say > "not at all". Speak for yourself. There are those with commercial product development, legal and liability understanding to have very keen realistic view of the concept and a quick grasp for have a legitimate concern for the "responsibility" term in DKIM. It is a closer reality than what you are expressing. DKIM is an unprotected protocol and it is NO position to suggest to anyone that it can assume a responsibility that can easily by violated. As you ready to take BLAME for a poor signing of a faulty message that can predictably harm an END-USER based on added DKIM-based confidence by yet another 3rd party? I don't think so. We have MUAs in the market place and for nearly 30 years. Do You? Mind you, one doesn't really need to have direct MUA design experiences to gain good insight and understanding and input. Gods know, you think you now more than others regardless your silly statement. But the fact remains, whether you care or not, there are some here that do have real MUA product design experiences. Have a good day -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html