ietf-dkim

Re: [ietf-dkim] Base issue: multiple linked signatures

2006-12-28 17:30:36
On Tue, 26 Dec 2006 11:21:09 -0500 DKIM Chair 
<leiba(_at_)watson(_dot_)ibm(_dot_)com> wrote:
In discussions with the IESG to sort through their "discuss" comments, 
I had a talk with Lisa Dusseault, and she had one point that I want to 
bring back to the mailing list:  I don't think we considered, in our 
discussions of multiple signatures, multiple *linked* signatures, which 
could work TOGETHER to convey information, and the protocol doesn't 
allow that sort of thing.  The way dkim-base is set up, I don't think 
this could easily be added as an extension, and it'd be a significant 
change at this point.  Here's the concept:
* Signer puts on two signatures (maybe as two header records, maybe as 
one that contains two sigs).
* One of the signatures has minimal scope, maybe signing only "from:", 
with l=0.
* The other signature covers as much of the message as possible... most 
headers, all the body.
* The two signatures work together.  If one verifies and the other 
doesn't, the verifier can consider what was changed in the message, and 
possibly use that information to deal with mailing list modifications 
or whatnot.

One way this might be used is to have one signature that covers the 
subject header and one that doesn't, to allow the verifier to detect a 
subject change and decide whether it's OK.  As the spec is now, the 
verifier would just find the one signature (that doesn't cover the 
subject) that works, and use that, not considering the other.

This seems quite simple to me.  If the domain owner doesn't care about 
protecting headers, they should not sign them.  If they care about 
protecting headers from being modified, they should sign them.  

The presence of a failed signature shouldn't affect processing.  Treating a 
failed signature as anything other than no signature seems a poor practice 
to me.

Scott K
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
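
The two evaluation models discussed in this thread, side by side, as an added example that is not part of the original messages or of any DKIM implementation. It assumes an HMAC as a stand-in for the signer's RSA signature and a simplified header canonicalization; the function names, key and sample message are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the signer's RSA key

def relaxed(name, value):
    """Relaxed-style header canonicalization: lowercase name, collapse whitespace."""
    return f"{name.lower()}:{' '.join(value.split())}\r\n"

def sign(headers, body, h, l=None):
    """Toy signature over the headers listed in h and the first l body bytes."""
    covered = body if l is None else body[:l]
    data = "".join(relaxed(n, headers.get(n, "")) for n in h).encode()
    data += hashlib.sha256(covered).digest()
    return {"h": list(h), "l": l, "b": hmac.new(KEY, data, hashlib.sha256).hexdigest()}

def verify(headers, body, sig):
    """Recompute the toy signature over the received message and compare."""
    return hmac.compare_digest(sign(headers, body, sig["h"], sig["l"])["b"], sig["b"])

def base_result(headers, body, sigs):
    """Independent evaluation: one valid signature is enough, failures are ignored."""
    return any(verify(headers, body, s) for s in sigs)

def linked_result(headers, body, narrow, wide):
    """Linked evaluation: if only the narrow signature verifies, the change lies
    somewhere in what the wide signature covers and the narrow one does not."""
    if verify(headers, body, wide):
        return ("intact", [])
    if not verify(headers, body, narrow):
        return ("fail", [])
    suspects = sorted(set(wide["h"]) - set(narrow["h"]))
    if narrow["l"] != wide["l"]:
        suspects.append("body")
    return ("modified", suspects)

# Constructed sample message and a mailing-list style subject rewrite.
BODY = b"See you at ten.\r\n"
ORIGINAL = {"from": "alice@example.org", "date": "Mon, 01 Jan 2007 10:00:00 +0000",
            "subject": "Meeting notes"}
NARROW = sign(ORIGINAL, BODY, ["from", "date"])
WIDE = sign(ORIGINAL, BODY, ["from", "date", "subject"])
RELAYED = dict(ORIGINAL, subject="[list] Meeting notes")

if __name__ == "__main__":
    print(base_result(RELAYED, BODY, [NARROW, WIDE]))
    print(linked_result(RELAYED, BODY, NARROW, WIDE))
```

With independent evaluation the relayed message simply passes on the narrow signature; the linked evaluation additionally reports that the change is confined to the headers or body portion that only the wide signature covered.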