ietf-mailsig

RE: CircleID on DomainKeys

2004-10-27 19:32:49

The signature breaking for applications that muck too much with the
message is a 'feature', not an issue.

 - mail lists that change portions of the message that are signed must
   re-sign the message. This makes for a simple policy interpretation of
   the signed messages. It's just a small challenge for this group to
   determine what fields are protected.
 - messages that have a broken signature should not be discarded, but
   instead treated as if they do not have a signature. Additional
   filtering will always be required. We cannot ever expect 100%
   coverage by DK.

Paul

-----Original Message-----
From: owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Murray S. Kucherawy
Sent: Wednesday, October 27, 2004 4:27 PM
To: IETF MAILSIG WG
Subject: Re: CircleID on DomainKeys


On Wed, 27 Oct 2004, Tony Finch wrote:
in the long run, if the mailing list changes the message it should
re-sign.

In the short run, requiring that mailing lists do this in order for 
verification to work is a serious deployment problem.

True perhaps, but any solution is going to have at least one 
aspect that is a serious deployment problem.

We have to choose a battle.  We can't avoid all of them.



