[ietf-dkim] Base issue: multiple linked signatures
Michael Thomas
mike at mtcc.com
Thu Jan 4 09:36:52 PST 2007
John L wrote:
> I think that we all agree that if the intermediate system re-signed
> the message and we trust that signature, the message is OK. But the
> discussion in progress is, as far as I can tell, about messages where
> an intermediate system modified but did not re-sign.
>
I don't think it's at all clear which is the preferred poison. In your
case, I'd need
to keep a list of domains that I trust, for some value of trust. That's
rather daunting
in all but the smallest of scales. In the other case, I'd need to either
analyze the appended
content, or keep around another list of what is and is not a valid
transformation. The
latter sounds very similar in scope to the re-sign case, while the
former is something
that spam scanners do in spades today. The other aspect of all of this
is that the fate-sharing
on the resign case is all wrong: when I decide to accept/not accept a
message with modifications,
I control my destiny. When I wait for lists to resign, I wait and I wait
and I wait...
Mike
More information about the ietf-dkim
mailing list