Hector Santos wrote:
----- Original Message -----
From: "Eric Allman" <eric+dkim(_at_)sendmail(_dot_)org>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
Yes, I agree. The kind of algorithm I have in mind is something like:
read_all_signatures();
sort_signatures_into_preferred_order();
good_sig = false;
foreach sig in signatures
if (malformed || missing key || expired key || ...)
continue;
if (good_sig = check_sig_ok(sig))
break; // from foreach
if (good_sig)
process the message with signature
else
process the message as though there were no signature
The problem is turning this into English.
[FLAWED TECHNOLOGY!]
If one or more signatures are valid, then process the message as
a good signature. This includes if there exist one or more
bad signature. As long as there is 1 good signature, process
the message as a good signature.
Perhaps this is part of sort_signatures_into_preferred_order(), but I
wanted to make it explicit: Since SSP might not allow third-party
signatures, it's probably best to check first-party signatures first.
Stopping with the first valid signature might not give the right result
otherwise.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html