At 1:51 PM +0100 3/30/06, Stephen Farrell wrote:
I think that the bodyhash thing in this context is a side-issue.
Isn't the main thing here that we need to figure out:-
- what base needs to say about cases where a message containing
>1 signature is presented for verification, noting that that
could happen for alg. agility reasons or else because some list
s/w, or some otherwise odd MTA, added its own signature to an
already signed message
- whether base needs to have any mandates or guidance for signers
who want to add a signature to an already-signed message they
receive (note the above doesn't exclude the advice being "don't
do it"), and if so, then what (e.g. some ideas about signing a
few list related headers were batted about previously)
I agreed in Dallas to write up a proposal for these. That should be
within a few days.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html