On Tuesday 01 August 2006 07:57, Stephen Farrell wrote:
Scott Kitterman wrote:
On Tuesday 01 August 2006 05:12, Stephen Farrell wrote:
Scott Kitterman wrote:
Message from A, signed by A and B; does SSP matter? (I hope not.)
In my book it's the same as A signed by A. The only concern I would
have is if B added content, what to do about that, I'm not sure. I
expect that's probably a question for receiver policy and unlikely to
Message from A, signed by C; SSP says nothing about C.
Yes. Then how to treat this would be a question of what A's SSP says
(is the list exclusive or not) and the receiver policy.
I still don't understand why we care if someone adds a signature and
does nothing else.
If B adds a signature covering a header not covered by A's signature,
then I can imagine that the verifier might want to treat that header
differently from those signed by A. But ignore that for now - if both
A and B sign exactly the same headers+content, then what bad thing
can happen? (That would cause A to want a countermeasure.)
Agreed, but in the multiple signature case my caveat was limited to the
case of the second signer adding content. If B adds a signature, but
does not modify the content of the message, then I don't think the
verifier would treat them differently.
I do think the verifier might treat them differently, but the point is
that B's additional signature isn't harmful in any way, which would
imply that there's no need to express the following in SSP: "Only
these signers are supposed to sign my mail". (We may or may not want
to be able to say "One of these signers must sign my mail", but
I guess, if agreed, that'd suggest a potential non-requirement for SSP,
"no need to specify who's not supposed to sign".
I can see that.
As I read the later case, the only signature present (C's) is not one
that is included in A's SSP. In this case we have a message with a
signature that is outside the scope what A has said is authorized (or not
included in A's authoritative list). If A is a high profile phishing
target and signs all of it's mail, then it would be useful (I think) for
receivers to recognize that the message has been signed by someone other
than who A said it would.
In that case its the absence of A's signature that is the problem and
not the presence of C's signature, so to me it seems like the same case
really. But I suspect we agree about this.
NOTE WELL: This list operates according to