ietf-dkim

Re: [ietf-dkim] Attempted summary, SSP again

2006-01-27 09:39:45

----- Original Message -----
From: "Michael Thomas" <mike(_at_)mtcc(_dot_)com>
To: <Bill(_dot_)Oxley(_at_)cox(_dot_)com>

So should the first party remove 3rd party signatures?

   Assumedly, most of these third party signatures will be added after
   the first party signatures so in the normal case it wouldn't have
   the opportunity.

You are making a flawed assumption about how things are going to
behave. You can't design a protocol like this.

The protocol verification process has to work on the basis of consistent
logic and expectations of the system regardless of how the message was
created or not.


"!  All mail from the entity is signed; Third-Party
    signatures SHOULD NOT be accepted in lieu of an entity
    signature

   Yes, that's what it's supposed to mean.

So in other words, for the EXCLUSIVE (o=!) policy.

    DO NOT ACCEPT IF AN OA SIGNATURE IS MISSING.
    DO NOT ACCEPT IF A 3RD PARTY SIGNATURE IS PRESENT.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
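
The two readings of the EXCLUSIVE (o=!) policy discussed in this message, as an added example that is not part of the original post or of any DKIM implementation: the quoted draft wording (a third-party signature is not accepted in lieu of an entity signature) against the stricter rule stated in the reply (any third-party signature causes rejection). It assumes every signature has already passed cryptographic verification and that the originating address (OA) domain must match the `d=` tag exactly; the function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def signer_domains(msg):
    """Return the d= domain of every DKIM-Signature header, lowercased."""
    domains = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = {}
        for part in value.split(";"):
            if "=" in part:
                key, val = part.split("=", 1)
                tags[key.strip()] = "".join(val.split())  # drop folding whitespace
        if "d" in tags:
            domains.append(tags["d"].lower())
    return domains

def evaluate_exclusive(raw, strict):
    """Apply o=! to a message whose signatures are assumed already verified.

    strict=False: draft wording, a third-party signature cannot stand in
                  for the OA signature but may accompany it.
    strict=True:  reply's wording, any third-party signature is a failure.
    """
    msg = message_from_string(raw)
    author = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    domains = signer_domains(msg)
    if author not in domains:
        return "reject: OA signature missing"
    if strict and any(d != author for d in domains):
        return "reject: third-party signature present"
    return "accept"

def build(from_addr, *signers):
    """Constructed sample message; b= is a placeholder, not a real signature."""
    sigs = "".join(
        f"DKIM-Signature: v=1; a=rsa-sha256; d={d};\n\ts=sel; b=PLACEHOLDER\n"
        for d in signers
    )
    return sigs + f"From: Alice <{from_addr}>\nSubject: test\n\nbody\n"

if __name__ == "__main__":
    cases = {
        "OA only": build("alice@example.com", "example.com"),
        "OA + list re-signature": build("alice@example.com", "example.com", "lists.example.net"),
        "third party only": build("alice@example.com", "lists.example.net"),
    }
    for name, raw in cases.items():
        print(name, "| draft:", evaluate_exclusive(raw, False),
              "| strict:", evaluate_exclusive(raw, True))
```

The two readings differ only on the message that carries both the OA signature and a signature added later in transit, which is the case the thread is arguing about.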






_______________________________________________
ietf-dkim mailing list
http://dkim.org