The signature breaking for applications that muck too much with the message is a 'feature' not an issue.
- mail lists that change portions of the message that are signed, must re-sign the message
  this makes for a simple policy interpretation of the signed messages. It's just a small challenge for this group to determine what fields are protected
- messages that have a broken signature should not be discarded, but instead treated as if they do not have a signature. Additional filtering will always be required. We can not ever expect 100% coverage by DK

Paul
-----Original Message-----
From: owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Murray S. Kucherawy
Sent: Wednesday, October 27, 2004 4:27 PM
To: IETF MAILSIG WG
Subject: Re: CircleID on DomainKeys
On Wed, 27 Oct 2004, Tony Finch wrote:
in the long run, if the mailing list changes the message it should re-sign.
In the short run, requiring that mailing lists do this in order for
verification to work is a serious deployment problem.
True perhaps, but any solution is going to have at least one
aspect that is a serious deployment problem.
We have to choose a battle. We can't avoid all of them.