On October 13, 2005 at 16:20, Jim Fenton wrote:

> This relates to one of the motivations for multiple signatures. If you
> have a non-mangling mailing list, you might want to preserve the
> original signature, because it's still valid and some people might want
> to base a decision on that. They (or others) might want to know for
> sure that it came from the list, because they want to make sure that
> they read all messages on the list. A WG chair might have that concern,
> for example.

And here is where roles can play an important role, especially wrt SSP. The mailing list signature could not be applied, or be valid, if the SSP (as currently defined) disallows 3rd-party signatures (and it has been argued that no entity should allow 3rd-party sigs due to spoofing concerns). However, if the list sig had a role specification, SSP constraints would not be a factor since the list is not claiming any relationship with the OA.

--ewh

_______________________________________________
ietf-dkim mailing list
http://dkim.org
