>> In my book it's the same as A signed by A. The only concern I would have >> is if B added content, what to do about that, I'm not sure.
I'd appreciate a concrete example where B adds and signs content without breaking A's signature. There's a few scenarios that have come up: * The first signature has l= and B adds stuff at the end. * The first signature didn't have MIME headers and B adds them, perhaps making a lot of the original message invisible in a newly defined MIME part. Note that these two are easy to defend against: always sign MIME headers, even if there aren't any, and don't use l=. If people think there are other scenarios where a second signer can make signficant changes to a message without breaking an existing signature, we have worse problems than SSP. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
