ietf-mailsig

Re: Want a BoF at IETF 62?

2005-01-05 14:41:00

Tony Finch wrote:

> On Wed, 5 Jan 2005, Jim Fenton wrote:
>> Sure, any entity modifying a message SHOULD re-sign it.  But I don't see any
>> reason to explicitly exclude end to end use, if all the intermediaries (and
>> even re-originators, like mailing lists) happen to be "nice" to the message.
>> Or is it that the "good enough" solution you have in mind explicitly excludes
>> end to end use?
>
> What I would like to be able to do is reject any message which has a
> signature that fails to verify, without false positives (which are defined
> by senders and recipients of messages, not by me).

This looks to be very hard to do, in the short term, anyway. Until all mailing lists and other manglers of messages become "MASS-compliant" (which I expect to take a while), you are likely to legitimately get some signed messages that don't verify correctly. Besides, senders of undesirable messages are likely to start signing right away, so it seems like this would reject more desired than undesired messages.

I'm reading your wording carefully, and it sounds like you're proposing to deal more harshly with "broken" signed messages than unsigned messages. I had been thinking along those lines, but gave up on it because of what I said above. Can you elaborate on your rationale?

-Jim
