> Sorry, I did not mean that the exact policies and enforcement rules > of accountability should be defined, but what is meant by being an > "accountable identity".
That's exactly what we shouldn't define. > When I see the term "accountable" all kinds of implications pop in my > head, including legal ones. For example, if I sign a message, could > I then be prosecuted if the message is involved in criminal activity? How the heck should we know? We're network engineers, not politicians. For that matter, I'm a network engineer and a politician and I don't know either. It entirely depends on what the law says, what the message says, under what circumstances you signed the message, and a dozen other things. Law is not software, and attempts to treat it as software never produce useful results. > To me, something like "authenticating the originating domain identity" > provides a clear indication of what is being identified without getting > into the murky area of "accountability". That would be fine if that's what DKIM did, but it's not. It allows a domain to say "we're accountable for this message" without it having to claim to be the orignator. For reasons already hashed out at great length, that's an essential difference. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor "I dropped the toothpaste", said Tom, crestfallenly. _______________________________________________ ietf-dkim mailing list http://dkim.org
