OK. Able is on your whitelist. Charlie is on your blacklist. Now
what?
I'm making this up as I go, but I suppose I would accept the message:
if someone I trust asserts responsibility for the message, that's more
important than the fact that someone I distrust also asserted
responsibility.
'making this up as I go' is really exactly the problem. multiple
signatures moves from one entity taking responsibility to some unknown
combination of responsibilities, ensuring substantially greater
complexity in the overall system. What are the relationships among the
signers? How much does the validator care and in what way? etc.
d/
ps. the small matter of transitions, such as between different signing
keys, is really the argument that convinced me we needed multiple
signatures. but that is a "find one valid signature" rather than
"analyze the relationship among multiple".
_______________________________________________
ietf-dkim mailing list
http://dkim.org