What the recipient does with the data is out of scope.
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Michael Thomas
Sent: Friday, October 14, 2005 9:43 AM
To: John R Levine
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Re: dkim service
John R Levine wrote:
message has three sigs from Able, Baker, and Charlie (in
that order
if you care about order.) Able and Charlie verify, Baker
doesn't.
Now what do you do?
I have come to the conclusion that you just need to behave
as if Baker
isn't there at all. If you treat the message more
favorably, people
will insert bogus signatures to make that happen. If you treat the
message less favorably, you risk penalizing a message that got
modified in transit, or in this case possibly signed by a
defective intermediary.
OK. Able is on your whitelist. Charlie is on your
blacklist. Now what?
Why do we care? Is there a problem if two different receivers
take different actions? How does this differ from today where
this situation is perfectly possible?
Mike
_______________________________________________
ietf-dkim mailing list
http://dkim.org
_______________________________________________
ietf-dkim mailing list
http://dkim.org