On Mon, Jan 23, 2006 at 11:23:15PM -0800, Jim Fenton allegedly wrote:
> If the list does sufficient damage to the message that any incoming
> signature is invalid, it might as well throw away the original
> signature.
How does the list know for sure? The only sure way is if it attempts
to re-verify the original signature after applying its own
modifications.
And that assumes the original signature doesn't contain some future option
that the list doesn't know about - such as a variant l=.
So the actual rules would need to be:

    If original verifies
      and if I think I've modified badly
      and if I understand all tags in the original sig/selector
        re-verify list output to see if original sig now fails
        then if re-verify fails
          remove the original signature

If a list isn't fastidious about these checks then it risks removing a
"still-valid" signature because it thinks the modifications were
invalidating.
> If it's still there, someone is likely to waste time trying
> to verify it.
Is this the only benefit for this complexity? If so, does it risk
being a premature optimization?
Mark.
_______________________________________________
ietf-dkim mailing list
http://dkim.org
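
The rule set in the message above, sketched as an added example (not code from the thread or from any DKIM implementation): a list removes the original signature only when every precondition holds and a re-verification of its own output fails. Assumptions: the known-tag set is the DKIM-Signature tag list from RFC 6376, which postdates this thread; selector-record tags are not checked; `reverify` is a hypothetical callback standing in for a real verifier; the sample headers and the `lx=` tag are constructed.

```python
import re

# Assumption: tags a list "understands" = DKIM-Signature tags in RFC 6376.
KNOWN_TAGS = frozenset("v a b bh c d h i l q s t x z".split())

# Constructed sample signature values (not real signatures).
SAMPLE = ("v=1; a=rsa-sha256; d=example.org; s=sel; c=relaxed/simple;\r\n"
          "\tl=120; h=from:to:subject; bh=AAAA=; b=BBBB==")
FUTURE = SAMPLE + "; lx=body-parts"   # hypothetical tag the list does not know


def parse_tags(header_value):
    """Parse a DKIM-Signature tag=value list into a dict."""
    tags = {}
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header_value)  # undo header folding
    for item in unfolded.split(";"):
        if not item.strip():
            continue                      # tolerate a trailing ';'
        name, sep, value = item.partition("=")
        if not sep or not name.strip():
            raise ValueError("malformed tag: %r" % item)
        tags[name.strip()] = value.strip()
    return tags


def should_remove_original(sig_value, verified_on_input, think_damaged, reverify):
    """Return True only if the original signature may safely be removed."""
    if not verified_on_input:
        return False          # rules start from a signature that verified
    if not think_damaged:
        return False          # list does not believe it broke anything
    try:
        tags = parse_tags(sig_value)
    except ValueError:
        return False          # cannot parse it, so cannot claim to understand it
    if set(tags) - KNOWN_TAGS:
        return False          # unknown tag (e.g. a variant l=): leave it alone
    return not reverify()     # remove only if the re-check on list output fails
```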