ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Re: 1368 straw-poll :

2007-02-26 11:40:50
Hector Santos <hsantos(_at_)santronics(_dot_)com> writes:

In my view, it doesn't matter if its A, B, AB, XYZ or weaker or
stronger.   It is about expectations.

if S says I only sign with A, then R should not see signatures with B,
X or Y.

OK, but we're discussing what sorts of policies S should be able to
communicate. In particular, should S be able to say "I sign with
both A and B and any signature you see from me will have both,
not just either."


Seeing failure as unsigned just doesn't cut it for me simply because
there will be MORE failures then success and we will need a way to
deal with that.

It seems to me that you're denying a basic premise of the system.
From base S 4.2:

   Verifiers SHOULD ignore failed signatures as though they were not
   present in the message.  Verifiers SHOULD continue to check
   signatures until a signature successfully verifies to the
   satisfaction of the verifier.  To limit potential denial-of-service
   attacks, verifiers MAY limit the total number of signatures they will
   attempt to verify.

-Ekr

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html