From: Jim Fenton
Sent: Wednesday, October 06, 2004 6:09 PM
You need to consider both authentication failure (signature
present but doesn't verify) and failure to authenticate (lack of
signature). It will be quite a while before we can reject
unsigned messages out of hand, except when the asserted sending
domain publishes a policy that it signs everything. Signatures
that don't verify could probably be dealt with more harshly, but
only after we have some experience showing that signature
integrity isn't being mangled in transit.

Thanks for the clarification. That makes a lot of sense. I was only
thinking of a signature that failed to validate, but as you've pointed out,
it won't be safe to reject even that until we know that the canonicalization
used is robust to in-transit mangling.
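The two failure modes Jim distinguishes, and the reply's point about canonicalization surviving in-transit mangling, as an added example that is not part of the thread. It assumes an HMAC in place of a real public-key signature, a whitespace-folding canonicalization modelled on DKIM's "relaxed" rules, and a constructed relay mangling (re-indenting with tabs and appending a blank line); none of these come from the messages above.

```python
import hashlib
import hmac
import re
from typing import Callable, Optional

# Constructed key: an HMAC stands in for the signature so the example runs offline.
KEY = b"demo-key"

def simple_canon(body: str) -> str:
    """Bit-for-bit body: any change in transit breaks the signature."""
    return body

def relaxed_canon(body: str) -> str:
    """Collapse whitespace runs, strip trailing spaces and trailing blank lines
    (assumption: modelled on DKIM's relaxed body canonicalization)."""
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip() for ln in body.split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return "\n".join(lines) + "\n"

def sign(body: str, canon: Callable[[str], str]) -> str:
    return hmac.new(KEY, canon(body).encode(), hashlib.sha256).hexdigest()

def verify(body: str, sig: str, canon: Callable[[str], str]) -> bool:
    return hmac.compare_digest(sign(body, canon), sig)

def disposition(sig: Optional[str], verified: bool, domain_signs_all: bool) -> str:
    """A missing signature only counts against the message when the asserted
    sending domain publishes that it signs everything; a signature that does
    not verify is a separate case judged on its own evidence."""
    if sig is None:
        return "reject" if domain_signs_all else "accept-unsigned"
    return "accept" if verified else "auth-failure"

def mangle(body: str) -> str:
    """Constructed in-transit damage: a relay swaps double spaces for tabs
    and appends a trailing blank line."""
    return body.replace("  ", "\t") + "\n"

def demo() -> dict:
    body = "Hello,\n\n  indented  text\nbye\n"
    results = {}
    for name, canon in (("simple", simple_canon), ("relaxed", relaxed_canon)):
        sig = sign(body, canon)
        results[name] = disposition(sig, verify(mangle(body), sig, canon), False)
    results["unsigned-policy"] = disposition(None, False, True)
    results["unsigned-nopolicy"] = disposition(None, False, False)
    return results
```

Only the relaxed canonicalization survives the mangling; the simple one turns a legitimate message into an "auth-failure", which is exactly why rejecting on that signal needs operational experience first.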