ietf-dkim

Re: [ietf-dkim] chained signatures, was l= summary

2009-06-03 10:06:12
> WTF is the point of inserting an A-R header if you are not willing to take
> responsibility for what you have done by signing it?
>
> And why should anyone else believe your A-R if you have omitted that
> elementary step?

The most common use of A-R will likely involve a secure channel
between the place where it's applied and the place where it's
interpreted, e.g., it's applied at a border MTA and it's interpreted
in a downstream MTA or MUA within the same network.  In that case, you
don't need a signature.

If you imagine that there are strangers elsewhere in the world who
would be impressed by your opinion of a message you were forwarding,
you might want to sign it, but as I've noted before, if you're
forwarding it and mutating it enough that recipients wouldn't use an
incoming signature (i.e., you're a mailing list) you'd best take care
to send and sign only mail that recipients are likely to want.

I'm with Mike here -- signing A-R isn't important, because chained
signatures won't be useful in practice.

R's,
John


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
