[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of John Levine
CON: If you sign it, you take responsibility for it,
recipients shouldn't care how it got to you. Multiple
signatures are fragile when transiting list managers that may
modify the subject and body (a topic debated at length with
IIM.) If a message has both a good sig and a bad sig,
semamtics are not clear.
It is not sufficient for someone to accept responsibility. Who accepts
responsibility is just as important.
I might trust iecc.com but have no data at all on mipassoc.org. Or the
reverse might be true.
A one signature rule means that somewhere infrastructure is going to
make an illogical and unneccessary guess as to what my trust criteria
are. It is inevitably going to get them wrong as those criteria are
private and constantly changing.
With respect the semantics of a bad sig are already defined to be 'treat
as unsigned'. So the semantics of a message with one good sig and one
bad are completely clear, it is directly equivalent to the message with
one good sig.
We do need a mechanism for determining the order in which multiple
signatures are added. This is not difficult or complex. A simple
monotonic counter works fine.
_______________________________________________
ietf-dkim mailing list
http://dkim.org