[ietf-dkim] Re: Requirements comment: Bigbank example description
Stephen Farrell
stephen.farrell at cs.tcd.ie
Thu Aug 10 04:02:23 PDT 2006
Frank Ellermann wrote:
> Hector Santos wrote:
>
>> Hope this provide some insight.
>
> Yes. Following your pseudo-code I get "surprising" FAILs for
> the Resent-* cases:
>
> A signed mail with "strict" SSP is Resent-From Jou User. The
> included original signature is valid, everxything works, UNLESS
> Joe's mail service provider signs all outgoing mails. Then the
> resent mail would have two signatures, one by Joe's provider,
> and that second signature FAILs for a "strict" SSP.
But don't we currently have a requirement in 5.3 that says:
9. [PROVISIONAL] A signature that is not on behalf of the
RFC2822.From MUST NOT be construed as suspicious for the
purposes of The Protocol.
If that were to gain consensus (as I believe it ought, at least
since the alternative makes no cryptographic sense to me) then
would there still be a problem with Resent-* cases? If so, what
problem?
If the problem is just the pseudo-code then that can be fixed
there.
Stephen.
More information about the ietf-dkim
mailing list