[ietf-dkim] one more comment I forgot...
Stephen Farrell
stephen.farrell at cs.tcd.ie
Fri Jan 13 05:34:24 PST 2006
Jim Fenton wrote:
> That sounds like a good discussion when we get back to the -base draft.
>
> I'm convinced that the verifier needs to treat broken signatures as if
> they weren't there:
>
> - If broken signatures are seen as better than the lack of a signature,
> it's trivial to make one up.
>
> - If broken signatures are seen as worse than the lack of a signature,
> it will serve as a disincentive to signing messages: potential signers
> might not want to do so if they risk having their messages downgraded if
> they pass through an MTA that breaks the signature (or through a mailing
> list that does so).
Nicely put.
Stephen.