> Dean Willis wrote:
> > On Apr 4, 2008, at 6:53 PM, Dan Wing wrote:
> >
> >>> But more importantly, if you're thinking these things would
> >>> truly have *legal* ramification, then my guess is no
> >>> "good-guys" would touch signing with 4474 with a ten foot
> >>> pole, ever. Do DKIM email signatures have such legal
> >>> implications?
> >>>
> >> The closest analogy in DKIM would be someone that operated
> >> a T.37/RFC2305 gateway (which converts fax to email), and
> >> sends those resulting emails with their domain (example.com).
> >>
> >
> > If you're an operator of a DKIM system, and somebody hacks your system
> > and sends mail that's authoritatively from your domain, you can be
> > held liable for the consequences of the email. So could somebody who
> > doesn't run DKIM and is hacked. But your position is actually weaker
> > than someone who doesn't run DKIM, because you've made a stronger
> > assurance of trust, effectively increasing your responsibility under
> > implicit warranty.
> >
> Anything is possible I suppose but this strikes me as rather alarmist.
> Lots of big domains are running DKIM these days including some big old
> banks who are usually pretty cautious about such things and ISP's who
> have pretty awful control over their user base. But we're not trying to
> vouch for the authorization to use a given localpart either.
>
> I'm pretty sure that if anything about this subject hinges on the
> likelihood or not of future litigation we are in deep do-do.

Consider that, today, the opposite is true for the postal service, the PSTN, ISPs, and email: if you give them a letter, a phone number, a destination IP address, or a destination email address, they are expected to route that letter, phone number, IP packet, or email message accordingly. There is a 'contract' to do so, and a contract that they will not mis-route the letter, call, IP packet, or email.

Similarly, when the letter, call, packet, or email is handed off by the postal service, phone company, ISP, or email provider, it has 'finished' doing its job. Someone else in your house (or place of business) might destroy the letter or mis-handle the phone call. Someone might drop the packet (your firewall, your PC that crashed). When the email is sitting on the email server, someone might guess your password, log in via POP, and retrieve it without your knowledge.

DKIM, and rfc4474, do much the same, in reverse.

-d
