[ietf-dkim] Re: dkim-base-01 nits and semi-nits
Douglas Otis
dotis at mail-abuse.org
Tue May 2 12:28:28 PDT 2006
On May 2, 2006, at 11:30 AM, Jim Fenton wrote:
> I don't think the wording "consider this signature invalid"
> requires the verifier to consider a signature failure as "unsigned".
The state of being "unsigned" implies the message does not contain a
verifiable signature. Signature verification may fail when the
algorithm is unknown. Imposing a scheme where an invalid signature
affects the validity of other signatures may prohibit a means to
transition to newer algorithms.
> Yes, as I said in http://article.gmane.org/gmane.ietf.dkim/1751, I
> think one should consider failed signatures as if they aren't
> there, but I'm not sure that's something to include in the -base
> specification.
Some limit should bound the signature verification process, either by
a permitted number of signatures or a minimum number of verification
operations. A basic goal of ensuring compatibility seems to require
that some signature/verification limit be established.
-Doug
More information about the ietf-dkim
mailing list