ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] testing Message Corpus & question for base spec

2006-02-20 15:53:08
Hector Santos wrote:
----- Original Message -----
From: "Eric Allman" <eric+dkim(_at_)sendmail(_dot_)org>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>

  
Yes, I agree.  The kind of algorithm I have in mind is something like:

        read_all_signatures();
        sort_signatures_into_preferred_order();
        good_sig = false;
        foreach sig in signatures
                if (malformed || missing key || expired key || ...)
                        continue;
                if (good_sig = check_sig_ok(sig))
                        break;   // from foreach
        if (good_sig)
                process the message with signature
        else
                process the message as though there were no signature

The problem is turning this into English.
    

[FLAWED TECHNOLOGY!]

    If one or more signatures are valid, then process the message as
    a good signature.  This includes if there exist one or more
    bad signature.  As long as there is 1 good signature, process
    the message as a good signature.
  
Perhaps this is part of sort_signatures_into_preferred_order(), but I
wanted to make it explicit:  Since SSP might not allow third-party
signatures, it's probably best to check first-party signatures first. 
Stopping with the first valid signature might not give the right result
otherwise.

-Jim
_______________________________________________
NOTE WELL: This list operates according to 
http://dkim.org/ietf-list-rules.html