ietf-dkim

Re: [ietf-dkim] Re: dkim service

2005-10-14 00:20:23
John R Levine wrote:
Personally, I see the point of a DKIM signature as being that you know
where to pin the blame, and it's not helpful to diffuse that. If it were
up to me, I'd decree that when you sign a message, you MUST discard all
the old signatures because you're taking responsibility for it.  I don't
care how the message got to you, it's your message now.

As a guy who is concerned about the semantics of multiple signatures I am also concerned about tossing away trace information. An intermediary should only toss the trace information if they've intentionally broken it (say due to canonicalization rules). If they haven't broken it they should leave it alone and leave it for others to decide.

This doesn't speak to how the information should be used in the normal course of processing a message, nor does this make the problem easier. You need a way to indicate who was the last to sign. The two obvious approaches are prepend order and sequence #s.

Eliot
_______________________________________________
ietf-dkim mailing list
http://dkim.org
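
The two approaches named in the message above (prepend order and sequence numbers), compared in an added example that is not part of the original post or of any DKIM draft. The "seq=" tag, the domains and the b= values are assumptions constructed for illustration only.

```python
from email import message_from_string

# Constructed sample: two signatures, the newest prepended on top.
# "seq=" is a hypothetical tag, not a real DKIM tag.
RAW = (
    "DKIM-Signature: v=1; d=list.example; s=k1; seq=2; b=AAAA\n"
    "DKIM-Signature: v=1; d=author.example; s=k1; seq=1; b=BBBB\n"
    "From: alice@author.example\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

def parse_tags(value):
    """Split a 'tag=value; tag=value' header value into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())
    return tags

def signatures(raw):
    """Return the tag dicts of all DKIM-Signature fields, top to bottom."""
    msg = message_from_string(raw)
    return [parse_tags(v) for v in msg.get_all("DKIM-Signature", [])]

def last_signer_by_prepend(raw):
    """Prepend order: the topmost signature is taken as the latest."""
    sigs = signatures(raw)
    return sigs[0].get("d") if sigs else None

def last_signer_by_sequence(raw):
    """Sequence numbers: the highest (hypothetical) seq= is the latest."""
    sigs = [s for s in signatures(raw) if s.get("seq", "").isdigit()]
    return max(sigs, key=lambda s: int(s["seq"])).get("d") if sigs else None

def reorder(raw):
    """Constructed case: swap the two signature lines, as a hop that
    reorders header fields would."""
    lines = raw.split("\n")
    lines[0], lines[1] = lines[1], lines[0]
    return "\n".join(lines)

if __name__ == "__main__":
    for label, m in (("as sent", RAW), ("reordered", reorder(RAW))):
        print(label, last_signer_by_prepend(m), last_signer_by_sequence(m))
```

Prepend order needs no new tag but names the wrong last signer once header fields are reordered in transit; an explicit sequence number survives reordering.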