On Tue, 02 Jan 2007 16:48:59 -0000, John Levine <johnl(_at_)iecc(_dot_)com>
I would support some gentler language that permits use of z= in
verification, with particular attention paid to ensuring that a new
security vulnerability is not introduced.
So I still think our decision to stay away from the whole thing was
correct. Either it's the same message and the signature verifies, or
it's not. I suppose we could tell people that it's OK to use z= as
part of the process of deciding what to do with a message whose
signature didn't verify, but that process is outside the scope of the
I agree, except that we didn't 'stay away' :-( . Verifiers may develop all
sorts of strategies for deciding which failed signatures are in fact safe
to let proceed. Our documents can suggest strategies, but should not try
to enforce or forbid them. So it is within out scope to the extent that we
should think about it to the extent necessary to avoid unnecessary
So by all means point out that 'z=' was intended for diagnostic use, but
MUST language forbidding other uses is too strong, since again no
interoperability issue arises.
My solution would be for the modifier to sign the message after
But not always practical (e.g. after an EAI downgrade).
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
NOTE WELL: This list operates according to