I think I like this approach - keeping stuff off the critical path
to the extent possible, but I'm a bit unclear as to where the
suggested boundary is here. Maybe the answer to this questions will
help me out:
Does #1 above include specification of *a* way for a mailing list
to add its signature to an already signed message, s.t. there is a
chance that both signatures can verify at the end-recipient's MTA.
(I can imagine that there'll be variations on how to do this, but
I assume that any such variations would be off the critical path.)
Suggested "process" heuristic for this sort of issue:
Generate two or three different multi-signature test scenarios and make sure we
believe/know they can work. Keep the debate about the selection of scenarios
limited. They merely have to look reasonable; they don't have to be comprehensive.
Defer all other work on multiple signatures.
d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
ietf-dkim mailing list
http://dkim.org