[ietf-dkim] Revised proposal for specifying syntax and semantics for multiple signatures
Stephen Farrell
stephen.farrell at cs.tcd.ie
Tue Apr 4 10:08:11 PDT 2006

Paul Hoffman wrote:
> At 5:20 PM +0100 4/4/06, Stephen Farrell wrote:
>> Paul,
>>
>> A question about the semantics bit.
>>
>> What do we need to say about what a verifier MUST, SHOULD
>> or MAY do/NOT do, if sig1 has "h=foo+bar" but sig2 has "h=bar"
>> (or whatever other variant you prefer)?
>
> My preference would be to say nothing. This is a recipient policy issue.

Fair enough. Mine would just slightly be to point that out, e.g.
by saying that it's a recipient policy issue.
If folks disagree, saying so would be good.

>> However, I suspect that some verifiers will tell someone
>> about what "h=" was when they see a single signature, in
>> which case should we say that such verifiers SHOULD present
>> info about all sigs or something. If a verifier reports
>> partial or confusing information there, then trouble may
>> well ensue. OTOH, this is close to designing an API, and
>> that's not generally IETF business.
>
> Exactly.

(You must be short of words today:-)
Are you agreeing with the first or last sentence there?

S.