[ietf-dkim] Charter bashing...
Jim Fenton
fenton at cisco.com
Tue Oct 11 22:54:33 PDT 2005
John Levine wrote:
>>> ? supporting multiple signatures on single messages
>>>
>>>
>
>This is a chronically contentious point.
>
>PRO: Relays can re-sign to show the path that a message took. Lists
>and forwarders can re-sign so a message has both the original sender's
>sig and the list or forwarder's sig.
>
>CON: If you sign it, you take responsibility for it, recipients
>shouldn't care how it got to you. Multiple signatures are fragile
>when transiting list managers that may modify the subject and body (a
>topic debated at length with IIM.) If a message has both a good sig
>and a bad sig, semamtics are not clear.
>
>
My view is that a bad signature is equivalent to no signature since an
attacker could easily create a signature that doesn't verify (so you
shouldn't treat it any better) and something in the mail path could
break the signature (so you shouldn't treat it any worse).
>
>My inclination is to waffle, to permit multiple signatures but not to
>encourage them and not to try to specify the semantics. They don't
>seem very useful to me, but they also don't seem so clearly useless
>that I would want to outlaw them.
>
>
Agreed; at the very least they shouldn't be declared out of scope by the
charter because there is substantial support for considering possible
use of multiple signatures.
-Jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mipassoc.org/pipermail/ietf-dkim/attachments/20051011/92d60f07/attachment-0001.html
More information about the ietf-dkim
mailing list