People should not try to define an interpretation policy in this group.

The mail acceptance policies of some large ISPs are rule-based systems
with upwards of 10,000 active rules. The purpose of DKIM is to allow
those systems to make the best choice possible.

The real world is complex. Do not cripple DKIM because you want to
pretend that it is simple.

The examples you state are irrelevant because an ISP is likely to have a
policy that is developed and changed in reaction to the developing and
changing attack. In some cases the ISP will reject because of a 419
domain sig, in others a different policy may be appropriate. 

If you know the order of the signatures the receiver can always decide
to only validate the last signature and use that one.



> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of John R Levine
> Sent: Friday, October 14, 2005 12:44 AM
> To: Jim Fenton
> Cc: [email protected]
> Subject: Re: [ietf-dkim] Re: dkim service
> 
> > >OK.  Able is on your whitelist.  Charlie is on your blacklist.  Now what?
> > >
> > I'm making this up as I go, but I suppose I would accept the message:
> > if someone I trust asserts responsibility for the message, that's more
> > important than the fact that that someone I distrust also asserted
> > responsibility.
> 
> But I could equally well decide that even if a friend of mine 
> accidentally signed it, I never ever want any mail from a 
> place that is known to send only 419 spam.
> 
> I think we have confirmed that none of us really know what 
> we'd do with multiple signatures.  Is that a problem, or 
> should we just say that we'll try to support them with 
> unspecified semantics and hope they turn out to be useful?
> 
> Personally, I see the point of a DKIM signature as being that 
> you know where to pin the blame, and it's not helpful to 
> diffuse that. If it were up to me, I'd decree that when you 
> sign a message, you MUST discard all the old signatures 
> because you're taking responsibility for it.  I don't care 
> how the message got to you, it's your message now.
> 
> R's,
> John
> _______________________________________________
> ietf-dkim mailing list
> http://dkim.org
> 
> 
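The three receiver policies debated in this thread, applied to one doubly signed message, as an added example that is not part of the original e-mails. The domains, the policy names and the `decide` helper are hypothetical; the sketch assumes every signature has already verified cryptographically and that each signer prepends its DKIM-Signature header, so the first one in header order is the most recent.

```python
from email import message_from_string

# Constructed sample: two signatures, most recent signer first (tag values are dummies).
RAW = """\
DKIM-Signature: v=1; a=rsa-sha256; d=charlie.example; s=s1; h=from:subject; bh=AAAA=; b=BBBB=
DKIM-Signature: v=1; a=rsa-sha256; d=able.example; s=s1; h=from:subject; bh=CCCC=; b=DDDD=
From: someone@able.example
Subject: test

body
"""


def signing_domains(raw):
    """Return the d= domain of each DKIM-Signature, in header order (newest first)."""
    msg = message_from_string(raw)
    domains = []
    for value in msg.get_all("DKIM-Signature", []):
        # Split the tag=value list; partition on the first "=" so base64 padding survives.
        tags = dict(
            (k.strip(), v.strip())
            for k, _, v in (part.partition("=") for part in value.split(";"))
            if k.strip()
        )
        if "d" in tags:
            domains.append(tags["d"].lower())
    return domains


def decide(domains, trusted, distrusted, policy):
    """Hypothetical local policy: returns 'accept', 'reject' or 'neutral'."""
    if policy == "last_only":
        # Only the most recent signer counts; earlier signatures are ignored.
        domains = domains[:1]
    has_trusted = any(d in trusted for d in domains)
    has_distrusted = any(d in distrusted for d in domains)
    if policy == "distrusted_rejects" and has_distrusted:
        return "reject"  # one known-bad signer outweighs any trusted one
    if has_trusted:
        return "accept"  # "trusted_wins": a trusted signer outweighs a distrusted one
    return "reject" if has_distrusted else "neutral"


if __name__ == "__main__":
    doms = signing_domains(RAW)
    for policy in ("trusted_wins", "distrusted_rejects", "last_only"):
        print(policy, decide(doms, {"able.example"}, {"charlie.example"}, policy))
```
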
