On 8/3/06, Mark Delany <MarkD+dkim(_at_)yahoo-inc(_dot_)com> wrote:
On Thu, Aug 03, 2006 at 08:14:19AM -0700, Dave Crocker allegedly wrote:
> >> In other words, I think that fate-sharing is inherent here, where two
different
> >> domain names can be identified.
> >
> > Why would your ISP be identified and, even if it is, why would its
> > signature, as a third-party, be more relevant than your signature, as
> > a first party?
>
> Some will do their own signature "just to be safe". Certainly their IP
address
> will be obtained as it is now.
Which I think is the point. Filters already thrive on diversity, so
it's not clear to me that we will be able to impose much uniformity on
that front.
The only mandate I think we could possibly make towards uniformity is
if we said that signers MUST remove all existing signatures. If
verification ever allow the presence of multiple signatures, then
pretty much all bets are off as to how deployments will add
signatures.
Having said that. In the dim distant past we did talk about origin
signatures and relay signatures (or some such, I forget the exact
nomenclature for the moment). So I suppose if we can clearly
distinguish origin signatures from relay signatures, that might be
useful.
Mark.
Mark,
I think the idea of distinguishing between originator signature and the
non-originator is very interesting. I see a technical issue with the
previous statement you made about removing all previous signatures and the
next statement. I am assuming that you would _never_ remove the originators
signature. So that would leave an outgoing relay looking for all the other
relays but not touching the originator. Sounds like a spot that a parser
could break the signing fairly easy.
Damon Sauer
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html