[ietf-dkim] Alternative text for semantics of multiple signatures

Paul Hoffman phoffman at proper.com
Tue Apr 4 16:02:31 PDT 2006


At 11:28 PM +0100 4/4/06, Stephen Farrell wrote:
>Paul Hoffman wrote:
>>At 10:59 PM +0100 4/4/06, Stephen Farrell wrote:
>>>If no-one wants to insist on signatures having to be sequential,
>>>then this could be fairly easy!
>>
>>Signatures have to be sequential if you sign them, given our 
>>current rules for signing and verifying h=.
>
>Then I'm confused. Someone want to help me out?
>
>I was under the impression our latest proposal was that you didn't
>have to, but could choose to, include (other) DKIM-Signature fields
>in h= and that if you do so choose (i.e. you want sequential sigs)
>that's fine, the verifier will do the right thing (if there's no
>re-ordering), so inside h= DKIM-Signature is handled just like
>Received.

Yup.

>OTOH if you just want parallel sigs, you simply omit
>DKIM-Signature from the h= and only bytes from this DKIM-Signature
>will be input to hashing.

Some signers will want to sign parallel signatures for a variety of 
reasons, one of which is that they want to avoid the bid-down attack 
(despite the fact that we on this list agree it is not important). 
They do their first signature as normal, then they do their second 
signature, adding a "DKIM-Signature" to the h= list. This is 
optional, of course.
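
Added example, not part of the original message: a simplified Python sketch of the header hash input for a second signature, showing that the first DKIM-Signature is covered only when "DKIM-Signature" appears in the second signature's h= list. The domains, selectors and tag values are constructed, the function names are hypothetical, and canonicalization and the RSA step are left out as an assumption to keep the focus on h=.

```python
import hashlib

def parse_tags(sig_value):
    """Split a DKIM-Signature value into an ordered tag=value dict."""
    pairs = (t.split("=", 1) for t in sig_value.split(";") if "=" in t)
    return {k.strip(): v.strip() for k, v in pairs}

def header_hash(other_headers, own_sig):
    """SHA-256 over the header fields named in own_sig's h=, then own_sig itself.

    other_headers: (name, value) pairs, top to bottom, excluding own_sig.
    Simplification: no canonicalization and no RSA step, only the hash input.
    """
    tags = parse_tags(own_sig)
    remaining = list(other_headers)
    data = ""
    for name in tags["h"].split(":"):
        # Take the lowest unused instance, the same way Received is handled.
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.strip().lower():
                n, v = remaining.pop(i)
                data += f"{n}: {v}\r\n"
                break
    # The signature being computed is always hashed last, with b= emptied.
    tags["b"] = ""
    data += "DKIM-Signature: " + "; ".join(f"{k}={v}" for k, v in tags.items())
    return hashlib.sha256(data.encode()).hexdigest()

# Constructed sample message headers and signatures (not real values).
SIG1 = "v=1; d=author.example; s=k1; h=from:subject; bh=AAAA; b=SIG1BYTES"
BASE = [("From", "alice@author.example"), ("Subject", "hello")]
PARALLEL = "v=1; d=list.example; s=k2; h=from:subject; bh=AAAA; b=x"
SEQUENTIAL = "v=1; d=list.example; s=k2; h=from:subject:dkim-signature; bh=AAAA; b=x"

def first_sig_is_covered(second_sig):
    """True if altering or removing the first signature changes the second's hash."""
    intact = header_hash([("DKIM-Signature", SIG1)] + BASE, second_sig)
    altered = header_hash([("DKIM-Signature", SIG1 + "0")] + BASE, second_sig)
    removed = header_hash(BASE, second_sig)
    return intact != altered and intact != removed

if __name__ == "__main__":
    print("parallel covers first sig:  ", first_sig_is_covered(PARALLEL))
    print("sequential covers first sig:", first_sig_is_covered(SEQUENTIAL))
```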

