On August 24, 2005 at 14:51, John Levine wrote:

> >I thought the primary role was to authenticate an identity.
>
> Right. The identity of the accountable party.
>
> >Any "accountability" should be explicitly defined.
>
> Good lord, no. The recipient might do anything from whitelist a domain to
> blacklist it to filing suit under a local anti-spam law. It would be the
> height of hubris and foolishness to try to dictate that.

Sorry, I did not mean that the exact policies and enforcement rules of accountability should be defined, but what is meant by being an "accountable identity".

IMHO, I think using the term "accountable identity" in a specification that does not provide any indication of the type of accountability the identity takes is not a good idea. A standard should not use terms that are not clearly defined, and something like this will lead to questions by those considering adoption on what the consequences of being an "accountable identity" are.

When I see the term "accountable" all kinds of implications pop in my head, including legal ones. For example, if I sign a message, could I then be prosecuted if the message is involved in criminal activity?

To me, something like "authenticating the originating domain identity" provides a clear indication of what is being identified without getting into the murky area of "accountability". Applications built on top of DKIM can deal with accountability frameworks, but DKIM should avoid even mentioning it.

--ewh
