[ietf-dkim] Attempted summary, SSP again
hsantos at santronics.com
Fri Jan 27 08:29:18 PST 2006
----- Original Message -----
From: "Michael Thomas" <mike at mtcc.com>
To: <Bill.Oxley at cox.com>
>> So should the first party remove 3rd party signatures?
> Assumedly, most of these third party signatures will be added after
> the first party signatures so in the normal case it wouldn't have
> the opportunity.
You are making in flawed assumption about how things are going to
behaved. You can't design a protocol like this.
The protocol verification process has to work on the basis of consistent
logic and expectations of the system regardless of how the message was
created or not.
>>>> "! All mail from the entity is signed; Third-Party
>>>> signatures SHOULD NOT be accepted in lieu of an entity
> Yes, that's what it's supposed to mean.
So in other words, for the EXCLUSIVE (o=!) policy.
DO NOT ACCEPT IF AN OA SIGNATURE IS MISSING.
DO NOT ACCEPT IF A 3RD PARTY SIGNATURE IS PRESENT.
Hector Santos, Santronics Software, Inc.
More information about the ietf-dkim