I am sure you can probably get by without sequence numbers.

The only thing the sequence number does is to allow the verifier to come
to the conclusion 'Signature X did not validate, therefore Signatures
1...X-1 are not worth checking'.

Doug needs to sit down and work through the 'games' he refers to. They
are irrelevant; if someone can add a signature, they can change the
message.

-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Michael Thomas
Sent: Thursday, October 13, 2005 8:14 PM
To: Douglas Otis
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Re: dkim service

Douglas Otis wrote:

On Oct 13, 2005, at 4:20 PM, Jim Fenton wrote:

This relates to one of the motivations for multiple signatures. If
you have a non-mangling mailing list, you might want to preserve the
original signature, because it's still valid and some people might
want to base a decision on that. They (or others) might want to
know for sure that it came from the list, because they want to make
sure that they read all messages on the list. A WG chair might have
that concern, for example.

Agreed, but how would you ensure the sequence of the keys?

I don't understand the need for sequencing at all. If a
signature binds to an address you care about, that's
goodness. If multiple do, I'm not sure that it makes any
difference to the receiver because it's coming from the same
"authority" (i.e., the domain).

Mike
_______________________________________________
ietf-dkim mailing list
http://dkim.org