[ietf-dkim] How SSP will assist DKIM-BASE
hsantos at santronics.com
Tue Dec 18 09:58:55 PST 2007
Douglas Otis wrote:
> Neither an "invalid signature" nor "no signature" offers a safe or any
> significant difference for non-repudiation. Your assumption appears
> based upon a invalid signature offering greater confidence in a message
> source than would no signature.
On the contrary, less confidence on what a true NO signature condition
provides. IOW, by lumping a broken signature, promoted to no signature
status, then you have what you say is true. So its not giving it more
confidence, but rather it us removing confidence away from the 100%
assurance and benefits the ALL and STRICT policy provides.
David wanted to see the threats and issues of SSP policies. IMO, this
is one of them.
> Giving a message with a broken signature credit is a dangerous policy.
True. But giving it credit wasn't the point here.
> Section 4.2 is not clear that this prohibition on signature removal is
> to be for issuing a "different" message from the one originally signed.
Well, according to,
Mailman is already stripping and replacing signatures:
"A representative of another type of mailing lists
is Mailman, which often modifies mail body and strips out
original signatures, unless explicitly configured not to."
Hector Santos, CTO
More information about the ietf-dkim