[ietf-dkim] Alternative text for semantics of multiple signatures
Michael Thomas
mike at mtcc.com
Tue Apr 4 15:10:43 PDT 2006
Stephen Farrell wrote:
> Paul Hoffman wrote:
>
>> At 1:09 PM -0700 4/4/06, Michael Thomas wrote:
>>>> When evaluating a message with multiple signatures, a receiver
>>> SHOULD evaluate signatures independently and on their own merits.
>
>
> Is that really a SHOULD? How could it be tested? Perhaps "should"
> is ok in this case.

I think you're right.

>>> For example, a receiver that by policy chooses not to accept
>>> signatures with deprecated crypto algorithms should consider such
>>> signatures invalid. As with messages with a single signature,
>>> receivers are at liberty to use the presence of valid signatures
>>> as an input to local policy; likewise, the interpretation of
>>> multiple valid signatures in combination is a local policy
>>> decision of the receiver.
>
>
> That looks pretty good.
>
>>> Signers MUST NOT remove any DKIM-Signature headers from messages
>>> they are signing, even if they know that the headers cannot be
>>> verified.
>
>
> Is MUST NOT ok there, as opposed to SHOULD NOT? I seem to recall someone
> wanting to be able to remove signatures to hide internal structure. Not
> sure if that was on the list or not, and it does seem a little bit of a
> corner case (one could in any case wriggle out of the problem by saying
> it wasn't the signer that removed the sig, but it was some other bit of
> code:-) No real opinion myself, just asking.

I copied this from Paul's original. I'm good either way, though
SHOULD seems more appropriate now.

Mike
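
The receiver behaviour proposed in the quoted text, as an added example that is not part of the original message or of any DKIM implementation: each DKIM-Signature is judged on its own, a signature using a policy-rejected algorithm is treated as invalid, and combining the results is left to a local policy function. The rejected-algorithm set, the `crypto_ok` hook and the sample message are assumptions made for illustration.

```python
import email

# Assumed local policy (not from the thread): algorithms this receiver rejects.
REJECTED_ALGORITHMS = {"rsa-sha1"}

def parse_tags(value):
    """Parse a DKIM-Signature tag list ("a=...; d=...") into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def evaluate_signatures(raw_message, crypto_ok):
    """Return (domain, algorithm, verdict) for each signature, judged alone.

    crypto_ok(tags) -> bool is a hypothetical hook standing in for the
    cryptographic check a real DKIM verifier performs.
    """
    msg = email.message_from_string(raw_message)
    results = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        algo = tags.get("a", "").lower()
        if algo in REJECTED_ALGORITHMS:
            verdict = "invalid"  # policy: invalid even if it would verify
        elif crypto_ok(tags):
            verdict = "valid"
        else:
            verdict = "invalid"
        results.append((tags.get("d", "").lower(), algo, verdict))
    return results

def valid_domains(results):
    """One possible combining policy: domains with at least one valid signature."""
    return {domain for domain, _, verdict in results if verdict == "valid"}

# Constructed sample: abbreviated signatures, b= values are placeholders.
SAMPLE = (
    "DKIM-Signature: a=rsa-sha1; d=example.com;\n s=old; b=OK1\n"
    "DKIM-Signature: a=rsa-sha256; d=example.com; s=new; b=OK2\n"
    "DKIM-Signature: a=rsa-sha256; d=list.example; s=s1; b=BAD\n"
    "From: alice@example.com\n\nbody\n"
)

def sample_crypto_ok(tags):
    return tags.get("b") != "BAD"  # constructed stand-in result

if __name__ == "__main__":
    for row in evaluate_signatures(SAMPLE, sample_crypto_ok):
        print(row)
```

The failing list.example signature and the policy-rejected rsa-sha1 signature do not affect the verdict on the second example.com signature.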