On Tue, 26 Dec 2006 11:21:09 -0500 DKIM Chair <[EMAIL PROTECTED]> wrote: >In discussions with the IESG to sort through their "discuss" comments, >I had a talk with Lisa Dusseault, and she had one point that I want to >bring back to the mailing list: I don't think we considered, in our >discussions of multiple signatures, multiple *linked* signatures, which >could work TOGETHER to convey information, and the protocol doesn't >allow that sort of thing. The way dkim-base is set up, I don't think >this could easily be added as an extension, and it'd be a significant >change at this point. Here's the concept: >* Signer puts on two signatures (maybe as two header records, maybe as >one that contains two sigs). >* One of the signatures has minimal scope, maybe signing only "from:", >with l=0. >* The other signature covers as much of the message as possible... most >headers, all the boby. >* The two signatures work together. If one verifies and the other >doesn't, the verifier can consider what was changed in the message, and >possibly use that information to deal with mailing list modifications >or whatnot. > >One way this might be used is to have one signature that covers the >subject header and one that doesn't, to allow the verifier to detect a >subject change and decide whether it's OK. As the spec is now, the >verifier would just find the one signature (that doesn't cover the >subject) that works, and use that, not considering the other.
This seems quite simple to me. If the domain owner doesn't care about protecting headers, they should not sign them. If they care about protecting headers from being modified, they should sign them. The presence of a failed signature shouldn't affect processing. Treating a failed signature as anything other than no sognature seems a poor practice to me. Scott K _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
