on multi-signatures (was Re: [ietf-dkim] Re: dkim service

Jim Fenton wrote:
> John R Levine wrote:
>
> > > > message has three sigs from Able, Baker, and Charlie (in that order if
> > > > you care about order.)  Able and Charlie verify, Baker doesn't.  Now
> > > > what do you do?
> > > I have come to the conclusion that you just need to behave as if Baker
> > > isn't there at all.  
Agree (and skip)
> > OK.  Able is on your whitelist.  Charlie is on your blacklist.  Now what?
> I'm making this up as I go, but I suppose I would accept the message:  
> if someone I trust asserts responsibility for the message, that's more 
> important than the fact that that someone I distrust also asserted 
> responsibility.
Absolutely. This is really just 1st-level trust manangement, which works 
fine. Signatures by blacklisted sources don't are always ignored, never 
even validated. Blacklist is just list of identifiers, it is only 
whitelist you use to validate stuff.
Things get hairy in trust-management only when you allow multiple 
levels, i.e. you get a message signed by Alice, and you find two 
evaluations of Alice: a positive evaluation (recommendation) by Bob, and 
a negative one (warning) by Charlie, and both Bob and Charlie are on 
your `trusted evaluators` list... There are even more problematic 
scenarios, but luckily this topic is, imho, not necessary for our 
current discussion (although an interesting topic, btw!).
--
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI: 
http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected Login pages: 
http://AmirHerzberg.com/shame
_______________________________________________
ietf-dkim mailing list
http://dkim.org