----- Original Message -----
From: "Michael Thomas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>

>> So should the first party remove 3rd party signatures?
>
>    Assumedly, most of these third party signatures will be added after
>    the first party signatures so in the normal case it wouldn't have
>    the opportunity.

You are making a flawed assumption about how things are going to
behave. You can't design a protocol like this.

The protocol verification process has to work on the basis of consistent
logic and expectations of the system regardless of how the message was
created or not.


>>>> "!  All mail from the entity is signed; Third-Party
>>>>     signatures SHOULD NOT be accepted in lieu of an entity signature
>
>    Yes, that's what it's supposed to mean.

So in other words, for the EXCLUSIVE (o=!) policy.

    DO NOT ACCEPT IF AN OA SIGNATURE IS MISSING.
    DO NOT ACCEPT IF A 3RD PARTY SIGNATURE IS PRESENT.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com






_______________________________________________
ietf-dkim mailing list
http://dkim.org
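
The two o=! rules stated in the message above, written out as a check (an added example, not part of the original thread or of any DKIM draft). It assumes every DKIM-Signature header has already been cryptographically verified and that an "OA signature" is one whose d= domain exactly equals the From: domain; the function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def tag(value, name):
    """Return one tag from a DKIM tag=value list, with whitespace removed."""
    for part in value.split(";"):
        key, _, val = part.partition("=")
        if key.strip() == name:
            return "".join(val.split()).lower()
    return None

def signer_domains(raw):
    """Return (author domain, first-party d= list, third-party d= list)."""
    msg = message_from_string(raw)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    domains = [tag(h, "d") for h in msg.get_all("DKIM-Signature", [])]
    first = [d for d in domains if d and d == author]
    third = [d for d in domains if d and d != author]
    return author, first, third

def exclusive_verdict(raw):
    """Apply the two o=! rules from the message, in the order given there."""
    _, first, third = signer_domains(raw)
    if not first:
        return "reject: OA signature missing"
    if third:
        return "reject: third-party signature present"
    return "accept"

def sample(*sig_domains):
    """Constructed message; signature values are placeholders, not real."""
    sigs = "".join(
        f"DKIM-Signature: v=1; a=rsa-sha256; d={d};\n s=sel; b=PLACEHOLDER\n"
        for d in sig_domains
    )
    return sigs + "From: Alice <alice@example.com>\nSubject: test\n\nbody\n"

if __name__ == "__main__":
    # The verdict depends on which signatures are present, not on the
    # order in which they were added to the message.
    for doms in (["example.com"],
                 ["example.com", "list.example.net"],
                 ["list.example.net", "example.com"],
                 ["list.example.net"]):
        print(doms, "->", exclusive_verdict(sample(*doms)))
```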
