ietf-dkim

Re: Additional lookups (was Re: [ietf-dkim] Re: 1368 straw-poll)

2007-03-01 08:09:58
+1.

Wietse Venema wrote:
Charles Lindsey:
On Wed, 28 Feb 2007 13:21:55 -0000, Hector Santos <hsantos(_at_)santronics(_dot_)com> wrote:
There are three basic outcomes with a message:

    VALID SIGNATURE
    INVALID SIGNATURE
    NO SIGNATURE

No, there are four basic outcomes with a message. You omitted

       UNVERIFIABLE SIGNATURE

which just happens to be the one that this thread is all about.

On a friendly internet with only cooperating parties, this might
make sense.  But the world has changed. With today's internet it
would be a fundamental mistake to make more distinctions than:

    the signature was verified
    other

If the verifier gives different treatments to different types of
"other", then the bad guys will exploit the verifier's behavior.

The solution to the problem is not to complicate the protocol, but
to avoid the mistake of giving different treatments to different
types of "other".

        Wietse
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html


--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
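
The two-way distinction argued for in the quoted message, as an added example that is not part of the original thread: an audit that enumerates the signature outcomes a message can carry and checks whether a verifier policy gives every unverified message the same treatment. The policy functions, the treatment names, and the rule that one valid signature makes the message verified are assumptions made for illustration.

```python
from itertools import combinations_with_replacement

# The four outcomes named in the thread.
VALID = "VALID SIGNATURE"
INVALID = "INVALID SIGNATURE"
NONE = "NO SIGNATURE"
UNVERIFIABLE = "UNVERIFIABLE SIGNATURE"


def differentiated(outcomes):
    """Hypothetical policy that treats each kind of "other" differently."""
    if VALID in outcomes:
        return "verified"
    if INVALID in outcomes:
        return "reject"
    if UNVERIFIABLE in outcomes:
        return "defer"
    return "unsigned"


def two_way(outcomes):
    """Policy with only two treatments: verified, or other."""
    return "verified" if VALID in outcomes else "other"


def message_cases(max_signatures=3):
    """Constructed inputs: an unsigned message, then every combination
    of per-signature outcomes for 1..max_signatures signatures."""
    yield (NONE,)
    for n in range(1, max_signatures + 1):
        yield from combinations_with_replacement((VALID, INVALID, UNVERIFIABLE), n)


def treatments_of_other(policy, max_signatures=3):
    """Each distinct treatment the policy gives to a message with no
    valid signature, mapped to the first case that produced it."""
    seen = {}
    for case in message_cases(max_signatures):
        if VALID not in case:  # assumption: one valid signature suffices
            seen.setdefault(policy(case), case)
    return seen


def audit(policy):
    """True when every unverified message receives the same treatment."""
    return len(treatments_of_other(policy)) == 1
```

Running `treatments_of_other` on a policy under review lists which outcome types it separates, which is the set of behaviours that would need to be merged to satisfy the two-way rule.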