ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Re: dkim service

2005-10-13 22:50:28
from [Jim Fenton] [Permanent Link] 
Dave Crocker wrote:
OK. Able is on your whitelist. Charlie is on your blacklist. Now what?
I'm making this up as I go, but I suppose I would accept the message: if someone I trust asserts responsibility for the message, that's more important than the fact that that someone I distrust also asserted responsibility.
'making this up as I go' is really exactly the problem. multiple signatures moves from one entity taking responsibility to some unknown combination of responsibilities, ensuring substantially greater complexity in the overall system. What are the relationships among the signers? How much does the validator care and in what way? etc.
Pardon my candor then: Of course I'm making this up as I go, because we all know that this case isn't covered by the draft specifications.
The bottom line is that it's up to the recipient. I know this isn't a very satisfying answer, and it may even seem evasive. But consider my example, a non-munging mailing list that re-signs messages, in conjunction with John's example, a known 419 domain.
Suppose you get a message from a mailing list you subscribe to that is also signed by a known 419 domain. Do you want to accept that message? It depends. Many people wouldn't, but someone who has some responsibility for the list may. DKIM signatures are providing information to the recipient, and the fact that the message was signed by the list and by the 419er are both relevant pieces of information.
Now suppose that instead the list stripped the original signature but signed an authentication-results header saying that the message had a valid signature from the 419 domain. How does that make the decision any easier? 



d/
ps. the small matter of transitions, such as between different signing keys, is really the argument that convinced me we needed multiple signatures. but that is a "find one valid signature" rather than :"analyze the relationship among multiple".
In that case, I would be more likely to overlap multiple selectors (key records) than to use multiple signatures. 

-Jim
_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Re: dkim service, Dave Crocker
Next by Date:  Re: [ietf-dkim] Re: DKIM BOF -- draft charter and agenda, Arvel Hathcock
Previous by Thread:  Re: [ietf-dkim] Re: dkim service, Dave Crocker
Next by Thread:  Re: [ietf-dkim] Re: dkim service, Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]