>The challenge here is that the second signer may not have anything to do with 
>the message.  Since, except for From, only invisible parts of the message are 
>signed, the signature could be applied to almost any email.  Using the 
>reputation of the second signer's domain is not substantially different than 
>using the reputation of an unauthenticated identity.  I don't see how that 
>helps.

The second signer has at least enough to do with the message that it
has a real message in hand with permission to re-sign.

Remember the problem that got us here in the first place: AOL and
Yahoo had security failures that let crooks steal zillions of address
books, who then used botnets to send spam to AOL and Yahoo users that
appeared to be from other AOL and Yahoo users that they knew.  The
actual source of the mail had nothing to do with AOL or Yahoo, or any
system that had ever gotten mail from AOL or Yahoo.

The double signing hack limits the opportunity for trouble to mail
systems that have a recent real message in hand.  While I can
certainly imagine spammy scenarios, it's hard to imagine ones that
wouldn't be fairly easy to detect and shut down.  If nothing else, if
the original sender gets spam reports about double signed mail (there
are FBLs that key on DKIM signature) it can tell who's screwing
around and stop putting conditional signatures on mail to them.

R's,
John

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
