On Apr 3, 2006, at 9:53 AM, Arvel Hathcock wrote:
> 1. Whether we want to have a mechanism to let the signature survive
> the reordering of multiple sig headers or not. I've heard Mike and
> Dave say no, we don't. Is that correct?
I've also said it's added complexity that I don't think we need.
> 2. Whether we want to be able to detect the removal of a signature
> header (as perhaps in the case of a "stronger" one and leaving a
> "weaker" one). I think the consensus is that we don't care about
> this; I'd like to confirm that.
Right, we don't care about that.
Email can not easily negotiate these algorithms. Are you expecting
to sign messages differently for each recipient?
A verifier must be able to detect when a stronger signature has been
removed when two signatures are offered. Without this ability to
detect such a removal, all verifiers and senders will remain at risk
to a downgrade attack during perhaps a _very_ long algorithm
transition period. It requires very little to repair this problem at
the outset.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html