On Wed, 28 Feb 2007 00:17:54 -0000, Jim Fenton <fenton(_at_)cisco(_dot_)com> wrote:

> Paul Hoffman wrote:
>> You keep saying this without justifying it. Others have shown it to be
>> wrong. Please stop repeating it or support your statement.
>
> Absent this mechanism, a message which has at least one valid signature
> on behalf of the From address [assuming some other decisions that are
> pending] does not need to consult SSP.
>
> With a mechanism in SSP to specify the signature algorithms that should
> be present, it is always necessary to consult SSP to find out the list
> of required signature algorithms. This, I believe, is the additional
> lookup for every signed message to which Dave refers.

False!

If the SSP tells you that he signs with A and B, then presumably the
selector records will include keys appropriate for use with A and B. If
you see a valid signature with any key in the selector records, then you
never need to go to the SSP.

Now if the signer had also provided a key in the selector records for
algorithm C, and had failed to mention C in his SSP, then he is being
stupid and deserves all he gets, because people who find a valid signature
using C will never consult his SSP.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
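
The two verifier flows argued over in this thread, modelled side by side as an added example that is not part of the original messages or of any DKIM/SSP draft. All names, the record layout and the sample messages are constructed; reading "required" as "every listed algorithm must verify" is an assumption.

```python
# Toy model: no real DNS or crypto. Counters show which lookups each flow makes.
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    selector: str    # names the key record the verifier fetches
    algorithm: str   # "A", "B" or "C", as in the thread
    intact: bool     # stands in for the cryptographic check

# Constructed selector records: selector name -> algorithm of the published key.
SELECTOR_RECORDS = {"selA": "A", "selB": "B", "selC": "C"}
# Constructed SSP: the signer lists A and B but forgot to mention C.
SSP_ALGORITHMS = {"A", "B"}

def valid_algorithms(sigs, counters):
    """Return the algorithms of signatures that verify against a selector record."""
    found = set()
    for sig in sigs:
        counters["selector"] += 1  # one key lookup per signature tried
        if SELECTOR_RECORDS.get(sig.selector) == sig.algorithm and sig.intact:
            found.add(sig.algorithm)
    return found

def verify_short_circuit(sigs):
    """Flow in the reply: any valid signature means SSP is never fetched."""
    counters = {"selector": 0, "ssp": 0}
    if valid_algorithms(sigs, counters):
        return "pass", counters
    counters["ssp"] += 1  # only mail with no valid signature reaches SSP
    return "apply-ssp", counters

def verify_always_ssp(sigs):
    """Flow in the quoted text: SSP is fetched to learn the required algorithms."""
    counters = {"selector": 0, "ssp": 0}
    found = valid_algorithms(sigs, counters)
    counters["ssp"] += 1  # the extra lookup on every signed message
    return ("pass" if SSP_ALGORITHMS <= found else "apply-ssp"), counters

# Constructed sample messages.
SIGNED_AB = [Signature("selA", "A", True), Signature("selB", "B", True)]
SIGNED_C_ONLY = [Signature("selC", "C", True)]
BROKEN = [Signature("selA", "A", False)]

if __name__ == "__main__":
    for name, msg in [("A+B", SIGNED_AB), ("C only", SIGNED_C_ONLY), ("broken", BROKEN)]:
        print(name, verify_short_circuit(msg), verify_always_ssp(msg))
```

The "C only" message is the case in the last paragraph of the reply: the short-circuit flow passes it without ever reading the SSP that omits C.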