[ietf-dkim] Base issue: multiple linked signatures
Charles Lindsey
chl at clerew.man.ac.uk
Wed Jan 3 02:46:55 PST 2007
On Tue, 02 Jan 2007 16:48:59 -0000, John Levine <johnl at iecc.com> wrote:
>> I would support some gentler language that permits use of z= in
>> verification, with particular attention paid to ensuring that a new
>> security vulnerability is not introduced.
> So I still think our decision to stay away from the whole thing was
> correct. Either it's the same message and the signature verifies, or
> it's not. I suppose we could tell people that it's OK to use z= as
> part of the process of deciding what to do with a message whose
> signature didn't verify, but that process is outside the scope of the
> spec.
I agree, except that we didn't 'stay away' :-( . Verifiers may develop all
sorts of strategies for deciding which failed signatures are in fact safe
to let proceed. Our documents can suggest strategies, but should not try
to enforce or forbid them. So it is within our scope to the extent that we
should think about it to the extent necessary to avoid unnecessary
restrictions.
So by all means point out that 'z=' was intended for diagnostic use, but
MUST language forbidding other uses is too strong, since again no
interoperability issue arises.
>
>> My solution would be for the modifier to sign the message after
>> modification.
But not always practical (e.g. after an EAI downgrade).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
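One way a verifier could act on the diagnostic role of z= discussed in this message, written here as an added example (it is not code from the thread, from the DKIM specification, or from any DKIM implementation): decode the z= copies of the signed header fields, line them up against the headers actually present on the received message, and report which ones were modified or removed. The signature and headers below are constructed for the example (the z= value is modelled on the one in RFC 6376, with the Subject then prefixed as a list manager would); the whitespace normalisation used for the comparison is an assumption of this example, chosen so that mere re-folding is not reported as a change.

```python
"""Diagnostic use of the DKIM z= tag: compare the signer's copies of the
signed header fields against the headers on a received message, so that a
verifier can report *which* header changed when the signature fails.
Added example with constructed sample data, not code from the thread."""
import re
from typing import Dict, List, Tuple

Header = Tuple[str, str]


def decode_dkim_qp(s: str) -> str:
    """Decode dkim-quoted-printable (RFC 6376 section 2.11): whitespace in
    the encoded form is ignored, and =XX denotes one byte."""
    s = re.sub(r"\s+", "", s)
    out = bytearray()
    i = 0
    while i < len(s):
        if s[i] == "=" and i + 2 < len(s) and re.fullmatch(r"[0-9A-Fa-f]{2}", s[i + 1:i + 3]):
            out.append(int(s[i + 1:i + 3], 16))
            i += 3
        else:
            out += s[i].encode("utf-8")
            i += 1
    return out.decode("utf-8", errors="replace")


def parse_dkim_tags(sig_value: str) -> Dict[str, str]:
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 section 3.2).
    Only the first '=' separates tag from value, since a z= value contains '='."""
    tags: Dict[str, str] = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags


def parse_z_tag(z: str) -> List[Header]:
    """Parse z= into (name, value) pairs. Fields are separated by an unencoded
    '|'; a literal '|' inside a field must have been encoded as =7C."""
    fields: List[Header] = []
    for item in z.split("|"):
        if not item.strip():
            continue
        name, _, value = decode_dkim_qp(item).partition(":")
        fields.append((name.strip(), value))
    return fields


def _normalize(value: str) -> str:
    """Unfold and collapse whitespace (as relaxed canonicalisation does) so
    that re-folding by an intermediary is not reported as a modification."""
    return re.sub(r"\s+", " ", value).strip()


def compare_copied_headers(copied: List[Header], headers: List[Header]) -> List[dict]:
    """Classify each z= copy as match / modified / missing. As with h=,
    repeated names are matched against the message's instances bottom-up."""
    by_name: Dict[str, List[str]] = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)
    next_from_bottom: Dict[str, int] = {}
    report: List[dict] = []
    for name, copied_value in copied:
        key = name.lower()
        instances = by_name.get(key, [])
        idx = next_from_bottom.get(key, len(instances) - 1)
        next_from_bottom[key] = idx - 1
        if idx < 0:
            report.append({"name": name, "copied": copied_value, "current": None, "status": "missing"})
            continue
        current = instances[idx]
        status = "match" if _normalize(current) == _normalize(copied_value) else "modified"
        report.append({"name": name, "copied": copied_value, "current": current, "status": status})
    return report


def diagnose(headers: List[Header]) -> List[dict]:
    """Find the first DKIM-Signature header and diff its z= copies against the message."""
    for name, value in headers:
        if name.lower() == "dkim-signature":
            z = parse_dkim_tags(value).get("z")
            return compare_copied_headers(parse_z_tag(z), headers) if z is not None else []
    return []


# Constructed sample: z= modelled on the RFC 6376 example; bh=/b= are dummies
# because only the z= copies matter here. The Subject was later tagged by a list.
SAMPLE_SIGNATURE = (
    "v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple;\r\n"
    " h=From:To:Subject:Date;\r\n"
    " z=From:foo@eng.example.net|To:joe@example.com|Subject:demo=20run|\r\n"
    "  Date:July=205,=202005=203:44:08=20PM=20-0700;\r\n"
    " bh=dummy; b=dummy"
)
SAMPLE_HEADERS: List[Header] = [
    ("DKIM-Signature", SAMPLE_SIGNATURE),
    ("From", "foo@eng.example.net"),
    ("To", "joe@example.com"),
    ("Subject", "[ietf-dkim] demo run"),
    ("Date", "July 5, 2005 3:44:08 PM -0700"),
]

if __name__ == "__main__":
    for entry in diagnose(SAMPLE_HEADERS):
        print(f"{entry['status']:9} {entry['name']}: {entry['copied']!r} -> {entry['current']!r}")
```

Running it on the sample reports From, To and Date as matching and Subject as modified, which is exactly the kind of information a verifier could feed into its own policy for a failed signature without the protocol specification having to say anything about what that policy should be.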