[ietf-dkim] Re: 1368 straw-poll :
EKR
ekr at networkresonance.com
Mon Feb 26 10:20:12 PST 2007
Hector Santos <hsantos at santronics.com> writes:
> In my view, it doesn't matter if it's A, B, AB, XYZ or weaker or
> stronger. It is about expectations.
>
> if S says I only sign with A, then R should not see signatures with B,
> X or Y.
OK, but we're discussing what sorts of policies S should be able to
communicate. In particular, should S be able to say "I sign with
both A and B and any signature you see from me will have both,
not just either."
> Seeing failure as unsigned just doesn't cut it for me simply because
> there will be MORE failures than success and we will need a way to
> deal with that.
It seems to me that you're denying a basic premise of the system.
From base S 4.2:

   Verifiers SHOULD ignore failed signatures as though they were not
   present in the message. Verifiers SHOULD continue to check
   signatures until a signature successfully verifies to the
   satisfaction of the verifier. To limit potential denial-of-service
   attacks, verifiers MAY limit the total number of signatures they will
   attempt to verify.
-Ekr
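
The following sketch is an added example, not part of the original message or of the DKIM specification. It contrasts the quoted verifier rule (failed signatures count as absent, with a cap on attempts) under an "either A or B" reading and under the "both, not just either" policy being discussed. The names Sig, surviving_algs, evaluate and the result strings are hypothetical, and the valid flag is a constructed stand-in for real cryptographic verification.

```python
from dataclasses import dataclass


@dataclass
class Sig:
    alg: str     # algorithm label, "A" or "B" as in the thread
    valid: bool  # constructed stand-in for the outcome of real verification


def surviving_algs(sigs, max_attempts=5):
    """Quoted rule: a failed signature is treated as if it were not present,
    and the verifier attempts at most max_attempts signatures."""
    ok = set()
    for sig in sigs[:max_attempts]:  # signatures past the cap are never checked
        if sig.valid:
            ok.add(sig.alg)
    return ok


def evaluate(sigs, advertised, require_all, max_attempts=5):
    """advertised: algorithms S says it signs with (hypothetical policy input).
    require_all=False: one verifying advertised algorithm is enough.
    require_all=True: every advertised algorithm must verify."""
    wanted = set(advertised)
    ok = surviving_algs(sigs, max_attempts) & wanted  # unadvertised algs ignored
    if not ok:
        return "no-valid-signature"  # indistinguishable from an unsigned message
    if require_all and ok != wanted:
        return "violates-policy"     # S promised both, only one survived
    return "meets-policy"


if __name__ == "__main__":
    # Constructed message: the A signature fails, the B signature verifies.
    msg = [Sig("A", False), Sig("B", True)]
    print(evaluate(msg, ["A", "B"], require_all=False))
    print(evaluate(msg, ["A", "B"], require_all=True))
```
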