[ietf-dkim] Charter bashing...

Amir Herzberg herzbea at macs.biu.ac.il
Wed Oct 12 01:50:35 PDT 2005


Well, sorry, I've responded before seeing that Phil made a superset of 
my arguments, so it is enough to read his message and (if you care) note 
that I second it. Amir

Hallam-Baker, Phillip wrote:
> I have a DKIM-SL client that is designed to add an end user signature. 
> 
> This signature serves a completely different use case to the signature
> that is automatically added at the outgoing edge gateway.
> 
> As previously argued, stripping out email signatures is a very bad idea.
> A DKIM email might very well have upwards of 3 signatures, all of which
> validate and all of which provide useful information to the receiving
> infrastructure.
> 
> For example an end user signature tells me that the message was
> definitely from Bill Gates but I still want the Microsoft edge server
> signature to tell me it went through the Microsoft email infrastructure,
> was scanned for viruses there, etc. I also want to see the signature added
> at the IETF mailing list exploder because the original email specifies
> the mailing list as the recipient but the mailing list then forwarded
> it.
> 
> These are all useful and important pieces of information. If you have a
> spam filtering infrastructure you are already handling a huge amount of
> AI-complete complexity. Additional information is not a burden, lost
> information is a very serious hindrance.
> 
> At any rate this is not an argument that should be settled by a charter
> exclusion.
> 
> 
> 
> 
>>-----Original Message-----
>>From: ietf-dkim-bounces at mipassoc.org 
>>[mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Arvel Hathcock
>>Sent: Tuesday, October 11, 2005 10:32 PM
>>To: ietf-dkim at mipassoc.org
>>Subject: Re: [ietf-dkim] Charter bashing...
>>
>>
>>>  * supporting multiple signatures on single messages
>>
>>Humm... not sure about this one.  If verifiers only supported 
>>a single signature it would be wise for signers to strip out 
>>any existing signatures before re-signing.  That would cause 
>>the loss of "potentially" useful data wouldn't it?  But, come 
>>to think of it, old signatures don't verify (otherwise, why 
>>re-sign the message at all) and what is the practical use of a 
>>non-verifiable signature.  You can't make any definitive 
>>decisions based on broken signatures can you?
>>
>>--
>>Arvel
>>
>>
>>
>>_______________________________________________
>>ietf-dkim mailing list
>>http://dkim.org
>>
>>
> 

-- 
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI: 
http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected Login pages: 
http://AmirHerzberg.com/shame

