On Oct 13, 2005, at 5:34 PM, Michael Thomas wrote:
> Hallam-Baker, Phillip wrote:
>> I am sure you can probably get by without sequence numbers.
> If that's true, then is there any reason to not just
> do as we're currently doing which is making them look
> like trace headers? This preserves sequence for forensics
> which is about the only thing that I suspect you can hope
> for.
What prevents their order from being swapped? There could be valid
reasons for someone wanting to modify the apparent order when blame
for abuse is being established. This is beginning to feel like
three-card monte.
>> The only thing the sequence number does is to allow the verifier
>> to come to the conclusion 'Signature X did not validate, therefore
>> Signatures 1...X-1 are not worth checking'
> But that could be a DoS attack on the other signatures,
> right? Not that it would be hard to DoS it if you have
> the message in hand. But it seems like a small thing
> to save the RSA verify operation on subsequent signatures.
There is diminishing value as signatures are added. The signature
with the greatest value would be the first signature which is where
feedback will want to be sent first. Subsequent signatures would
offer progressively less value with perhaps an exception regarding
the last-hop. By utilizing a primary/secondary signature header,
there would be absolutely no confusion who went first in the signing
process. It would also limit the maximum number of signatures that
need to be verified and the related overhead. Do you think that 2
would not be enough in most cases? What is the maximal number of
signatures that should be retained?
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org
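The three positions in this exchange (Phillip's "stop at the first failing signature" rule, Michael's worry that a single garbled signature value then denies the verifier the still-valid earlier ones, and Doug's primary/secondary bound on how many signatures get checked) are easier to compare side by side in code. The following is an added, constructed illustration and is not code from the thread or from any DKIM draft: HMAC-SHA256 stands in for RSA signing and verification, the `seq` and `signer` fields, the `origin.example`/`list.example`/`fwd.example` domains, and the message body are all assumptions, and `verify_primary_secondary` is one possible reading of Doug's proposal, not his specification of it.

```python
import hashlib
import hmac

# Constructed stand-in for each signer's RSA key pair: an HMAC secret per
# domain. Real DKIM uses RSA over canonicalized headers and body; the
# verification-cost argument in the thread is the same either way.
KEYS = {
    "origin.example": b"origin-secret",
    "list.example": b"list-secret",
    "fwd.example": b"fwd-secret",
}


def _signed_data(body, seq, signer):
    # Each signature covers the body plus its own seq and signer fields
    # (hypothetical field names, chosen for this illustration).
    return f"seq={seq};signer={signer};".encode() + body


def sign(body, signer, seq):
    """Produce signature number `seq` from `signer` over `body`."""
    digest = hmac.new(KEYS[signer], _signed_data(body, seq, signer), hashlib.sha256)
    return {"seq": seq, "signer": signer, "sig": digest.hexdigest()}


def verify_one(body, sig):
    """One 'RSA verify' operation in the thread's cost model."""
    expected = hmac.new(KEYS[sig["signer"]],
                        _signed_data(body, sig["seq"], sig["signer"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig["sig"])


def verify_all(body, sigs):
    """Check every signature on its own. Returns (results, verify ops used)."""
    return {s["signer"]: verify_one(body, s) for s in sigs}, len(sigs)


def verify_with_sequence_abort(body, sigs):
    """Phillip's rule: walk from the highest seq down and, once signature X
    fails, treat signatures 1..X-1 as not worth checking."""
    results, ops = {}, 0
    for s in sorted(sigs, key=lambda s: s["seq"], reverse=True):
        ops += 1
        ok = verify_one(body, s)
        results[s["signer"]] = ok
        if not ok:
            break
    return results, ops


def verify_primary_secondary(body, sigs):
    """One reading of Doug's proposal: check only the first signer (primary)
    and the last hop (secondary), bounding the work at two operations."""
    ordered = sorted(sigs, key=lambda s: s["seq"])
    chosen = [ordered[0]] + ([ordered[-1]] if len(ordered) > 1 else [])
    return {s["signer"]: verify_one(body, s) for s in chosen}, len(chosen)


def demo(tamper_seq=None):
    """Three signers in order; optionally garble the signature value (not the
    body) of signature number `tamper_seq`, which is all an attacker with the
    message in hand needs to do to trigger the abort rule."""
    body = b"Subject: hello\r\n\r\nconstructed message body\r\n"  # constructed input
    sigs = [sign(body, "origin.example", 1),
            sign(body, "list.example", 2),
            sign(body, "fwd.example", 3)]
    for s in sigs:
        if s["seq"] == tamper_seq:
            s["sig"] = "0" * len(s["sig"])
    return (verify_all(body, sigs),
            verify_with_sequence_abort(body, sigs),
            verify_primary_secondary(body, sigs))


if __name__ == "__main__":
    for tamper in (None, 3, 2):
        print(f"tampered seq: {tamper}")
        names = ("verify all", "sequence abort", "primary/secondary")
        for name, (res, ops) in zip(names, demo(tamper)):
            print(f"  {name:18s} ops={ops} {res}")
```

Running `demo(tamper_seq=3)` makes the point of Michael's objection concrete: garbling only the last-hop signature value costs the verifier one operation under the sequence-abort rule, but the still-valid origin and list signatures are never examined, whereas checking each signature independently (three operations) or Doug's two-signature bound still reports the origin signature as good.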