ietf-dkim

Re: [ietf-dkim] Issue: Requirements #9 NOT REQUIRED for 1st party valid signatures.

2006-08-10 09:03:51
On 8/10/06, Stephen Farrell <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> wrote:

Damon,

There are some problems with your suggested statement. (Note:
I'm not saying I'd agree with it if it's fixed, but as of now
it's just not ready for the WG to consider.)

Damon wrote:
> The Protocol MUST NOT be required to be invoked if a valid first party
> signature (without the 's') is found.

Ambiguous. Do you mean:

MUST NOT be invoked if any valid first party signature is found,

or,

MUST NOT be invoked if exactly one valid first party signature is
found ?

(Aside: the latter would be, IMO, silly, so I guess you didn't
mean that.)

Was just keeping with what was already there in #9 and expounding upon it.



> However, if the first party
> signature is damaged in transit

A signature or message may be changed in transit, or may be bogus,
but the verifier cannot know that - the verifier can only tell
that there is no good (first party) signature.

Ok. What happens if there is a list of authorized signing domains and
one of those signs the message... then what?
We already said that a damaged sig = no sig. We also said that a
valid signer is a valid signer.


> the Protocol MUST be invoked to
> determine if any authorized domain or third party signers have signed
> the message.

Nope. The verifier can tell if they've signed by looking and checking,
so s/have signed/have been flagged by the first party as acceptable
signers for/ or something like that.

Stealing from Phillip... aww fishpaste.. you're right.



> The order in which each authorized domain or third party
> signer is validated MUST NOT be specified.

Why? Seems like a nit. And I'd probably steer clear of calling
these authorized, on the basis that the term has a lot of
ancillary baggage that we don't really want to have to explain
away. (Having said that, it is a natural word to use, but not
the best technical term;-)

I wasn't too clear myself on how best to say, if an authorized domain
sig is valid over a broken first party sig, but there are multiple
authorized sigs, it should not matter which one is used, just the
first one you check and it valid is fine.

I am not a very good wordsmythe

Regards,
Damon Sauer
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
