ietf-dkim

Re: [ietf-dkim] A few SSP axioms

2006-08-01 05:15:21


Scott Kitterman wrote:
On Tuesday 01 August 2006 05:12, Stephen Farrell wrote:
Scott Kitterman wrote:
Message from A, signed by A and B; does SSP matter? (I hope not.)
In my book it's the same as A signed by A.  The only concern I would have
is if B added content, what to do about that, I'm not sure.  I expect
that's probably a question for receiver policy and unlikely to be
standardized.

Message from A, signed by C; SSP says nothing about C.
Yes.  Then how to treat this would be a question of what A's SSP says (is
the list exclusive or not) and the receiver policy.
I still don't understand why we care if someone adds a signature and
does nothing else.

If B adds a signature covering a header not covered by A's signature,
then I can imagine that the verifier might want to treat that header
differently from those signed by A. But ignore that for now - if both
A and B sign exactly the same headers+content, then what bad thing
can happen? (That would cause A to want a countermeasure.)

Agreed, but in the multiple signature case my caveat was limited to the case of the second signer adding content. If B adds a signature, but does not modify the content of the message, then I don't think the verifier would treat them differently.

I do think the verifier might treat them differently, but the point is
that B's additional signature isn't harmful in any way, which would
imply that there's no need to express the following in SSP: "Only
these signers are supposed to sign my mail". (We may or may not want
to be able to say "One of these signers must sign my mail", but
that's different.)

I guess, if agreed, that'd suggest a potential non-requirement for SSP,
"no need to specify who's not supposed to sign".

As I read the latter case, the only signature present (C's) is not one that is included in A's SSP. In this case we have a message with a signature that is outside the scope of what A has said is authorized (or not included in A's authoritative list). If A is a high profile phishing target and signs all of its mail, then it would be useful (I think) for receivers to recognize that the message has been signed by someone other than who A said it would.

In that case it's the absence of A's signature that is the problem and
not the presence of C's signature, so to me it seems like the same case
really. But I suspect we agree about this.

Cheers,
S.


_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html