Folks,
There have been a few proposals in this thread and
also a number of comments/objections/noteworthy
things. But not, so far, much approaching a
conclusion.
So, in an attempt to move towards that, let me
try to ask for opinions on this discrete part of
the issue: When an n-th signature(*) is added by
some signer, does that mean:
a) I take independent responsibility for having
sent/fowarded (the bits of) this email (that I've
signed), or,
b) Me too, whatever that previous good signer
meant - it's not gotten worse.
I think I'd personally design different mechanisms
for each, but then maybe that's just me. Anyway,
which signer perception ought we be trying to
represent, and does the verifier care in any case?
Stephen.
(*) Ignoring >1 signature from the same signer, e.g.
for algorithm agility purposes. Ignore possibly bad
signatures too for the moment if you don't mind.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html