On Mar 23, 2008, at 2:34 PM, Dave Crocker wrote:
> Double mumble.
>
> Jim,
>
> Per the response to Levine's concern, I'd rather simply have text
> that dodges the question of multiple signatures, here. Multiple
> sigs are fine, but the figure is trying to look at a more contained
> topic. I believe that having the figure explicitly show multiple
> sigs will, for example, require showing multiple private/public key
> pairs, and probably some sort of iterative behavior to cycle through
> each key. Since this is an architectural diagram, rather than a
> functional flow chart, I don't think the complexity of iteration is
> needed.
>
> Can you live with that?

Signature validation will incur additional processing and must also
deal with multiple signatures per message as this is afforded by
DKIM. With actions flowing from the "Verify Signatures" step in the
diagram, this appears to be based upon an assumption all signatures
within a message are to be validated. Domain/address assessments
ahead of signature validations may be needed to defend limited
resources. Unfortunately it appears there is no consideration as to
where such a strategy might be employed in defending the receiver's
validation resources. It is possible a practical solution would be to
only check signatures of white-listed domains. Where would this fit
within the diagram? It seems defensive methods for DKIM validation
processing are not congruent with the described workflow in the
diagram. Is it really necessary to assume that all messages will have
all their signatures validated?
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
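
The domain assessment ahead of signature validation that Doug describes, as an added example that is not part of the original message or of any DKIM implementation: a pre-filter that reads only the d= tag of each DKIM-Signature header and hands on for verification only white-listed domains, up to a per-message cap. The names select_signatures, parse_tags and MAX_VERIFY, the cap value and the sample message are assumptions made for illustration.

```python
import email
import re

MAX_VERIFY = 2  # assumed per-message cap on signature verifications


def parse_tags(value):
    """Parse a DKIM tag=value list: tags separated by ';', folding whitespace dropped."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")  # first '=' only; base64 padding survives
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def select_signatures(raw_message, allowed_domains, max_verify=MAX_VERIFY):
    """Return (to_verify, skipped) lists of d= domains, in header order.

    Only signatures whose d= domain is white-listed go on to the expensive
    step (DNS key lookup, hashing, public-key operation), and at most
    max_verify of them per message. Everything else is skipped unverified.
    """
    msg = email.message_from_string(raw_message)
    to_verify, skipped = [], []
    for value in msg.get_all("DKIM-Signature", []):
        domain = parse_tags(value).get("d", "").lower()
        if domain in allowed_domains and len(to_verify) < max_verify:
            to_verify.append(domain)
        else:
            skipped.append(domain or "<missing d=>")
    return to_verify, skipped


# Constructed sample message; domains and signature data are placeholders.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n"
    "\th=from:to:subject; bh=AAAA; b=BBBB\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=bulk.example.net; s=x;\r\n"
    "\th=from; bh=CCCC; b=DDDD\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; s=y; h=from; bh=EEEE; b=FFFF\r\n"
    "From: alice@example.com\r\n"
    "Subject: test\r\n"
    "\r\n"
    "body\r\n"
)

if __name__ == "__main__":
    print(select_signatures(SAMPLE, {"example.com"}))
```

A skipped signature here is treated the same as an absent one; the filter makes no claim about whether it would have verified.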