[ietf-dkim] Proposal for specifying syntax and semantics for
multiple signatures
Douglas Otis
dotis at mail-abuse.org
Mon Apr 3 12:04:01 PDT 2006
On Apr 3, 2006, at 9:53 AM, Arvel Hathcock wrote:
> > 1. Whether we want to have a mechanism to let the signature survive
> > the reordering of multiple sig headers or not. I've heard Mike and
> > Dave say no, we don't. Is that correct?
>
> I've also said it's added complexity that I don't think we need.
>
> > 2. Whether we want to be able to detect the removal of a signature
> > header (as perhaps in the case of a "stronger" one and leaving a
> > "weaker" one). I think the consensus is that we don't care about
> > this; I'd like to confirm that.
>
> Right, we don't care about that.
Email can not easily negotiate these algorithms. Are you expecting
to sign messages differently for each recipient?
A verifier must be able to detect when a stronger signature has been
removed when two signatures are offered. Without this ability to
detect such a removal, all verifiers and senders will remain at risk
to a downgrade attack during perhaps a _very_ long algorithm
transition period. It requires very little to repair this problem at
the outset.
-Doug
More information about the ietf-dkim
mailing list