Douglas Otis wrote:
Neither an "invalid signature" nor "no signature" offers a safe or any
significant difference for non-repudiation. Your assumption appears
based upon a invalid signature offering greater confidence in a message
source than would no signature.
On the contrary, less confidence on what a true NO signature condition
provides. IOW, by lumping a broken signature, promoted to no signature
status, then you have what you say is true. So its not giving it more
confidence, but rather it us removing confidence away from the 100%
assurance and benefits the ALL and STRICT policy provides.
David wanted to see the threats and issues of SSP policies. IMO, this
is one of them.
Giving a message with a broken signature credit is a dangerous policy.
True. But giving it credit wasn't the point here.
Section 4.2 is not clear that this prohibition on signature removal is
to be for issuing a "different" message from the one originally signed.
Well, according to,
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim
Mailman is already stripping and replacing signatures:
"A representative of another type of mailing lists
is Mailman, which often modifies mail body and strips out
original signatures, unless explicitly configured not to."
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html