ietf-dkim

Re: [ietf-dkim] Signature identifier proposal

2006-03-21 10:50:57
On Mon, 20 Mar 2006, Jim Fenton wrote:
I don't understand the value of knowing which signature(s) succeeded beyond knowing what the signing identity/ies (i= or equivalent) is associated with the successful signature(s). One of the primary reasons for i= is to clarify the role of the signer when the domain isn't enough, i.e., when user@example.com sends a message through list@example.com, you want to know whether it's a signature on behalf of the user or the list.

The same signer might sign the message twice, with two different algorithms. If on arrival one verifies and one does not (an ambiguous result), the recipient might be interested in the details of which algorithm was used in which case in order to make a go/no-go decision. This might be especially interesting if rsa-sha256 failed and rsa-sha1 succeeded, for example.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
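
Added example, not part of the original message or of any DKIM implementation: a sketch of the case discussed above, where grouping verification results by signing identity alone hides which algorithm failed. The header values, the pass/fail inputs and the verdict labels are constructed assumptions; tag syntax and the i= default follow what was later standardized in RFC 6376.

```python
import re
from collections import defaultdict

def parse_tags(value):
    """Parse a DKIM-Signature tag=value list into a dict."""
    tags = {}
    for spec in value.split(";"):
        if "=" not in spec:
            continue  # tolerate a trailing ';' or empty segment
        name, _, val = spec.partition("=")  # split on first '=' only (base64 padding)
        # Folding whitespace carries no meaning in these tag values.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def identity(tags):
    # When i= is absent it defaults to "@" + d= (RFC 6376 section 3.5).
    return tags.get("i") or "@" + tags["d"]

def summarize(results):
    """results: iterable of (header_value, verified) pairs from a verifier.
    Returns {identity: {"verdict": str, "by_algorithm": {a=: [bool, ...]}}}."""
    grouped = defaultdict(dict)
    for value, ok in results:
        tags = parse_tags(value)
        grouped[identity(tags)].setdefault(tags["a"], []).append(ok)
    report = {}
    for ident, by_alg in grouped.items():
        outcomes = {ok for oks in by_alg.values() for ok in oks}
        if len(outcomes) == 2:
            verdict = "ambiguous"  # same identity, mixed results
        else:
            verdict = "pass" if True in outcomes else "fail"
        report[ident] = {"verdict": verdict, "by_algorithm": by_alg}
    return report

# Constructed sample: bh=/b= are placeholders, results are assumed inputs.
SAMPLE = [
    ("a=rsa-sha256; d=example.com; i=user@example.com; s=sel1;\r\n"
     "\th=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER", False),
    ("a=rsa-sha1; d=example.com; i=user@example.com; s=sel1;\r\n"
     "\th=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER", True),
    ("a=rsa-sha256; d=example.com; i=list@example.com; s=sel2;"
     " h=from; bh=PLACEHOLDER; b=PLACEHOLDER", True),
]

if __name__ == "__main__":
    for ident, info in summarize(SAMPLE).items():
        print(ident, info["verdict"], info["by_algorithm"])
```
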
