John R Levine wrote:
message has three sigs from Able, Baker, and Charlie (in that order if
you care about order.) Able and Charlie verify, Baker doesn't. Now
what do you do?
I have come to the conclusion that you just need to behave as if Baker
isn't there at all. If you treat the message more favorably, people
will insert bogus signatures to make that happen. If you treat the
message less favorably, you risk penalizing a message that got modified
in transit, or in this case possibly signed by a defective intermediary.
OK. Able is on your whitelist. Charlie is on your blacklist. Now what?
I'm making this up as I go, but I suppose I would accept the message:
if someone I trust asserts responsibility for the message, that's more
important than the fact that that someone I distrust also asserted
responsibility.
-Jim
_______________________________________________
ietf-dkim mailing list
http://dkim.org