It appears that Dave Crocker <[email protected]> said: > 3. The preface to the conclusion text you offered is that it is > applicable ONLY AFTER trying the first path.
We did that, it's called DKIM. The combination of things we want to do in DKIM2 or EKIM or whatever we call it provide much stronger assertions to message recipients than DKIM does. I do not think it makes sense to try to pick them apart, since they're designed to work together, a chain of signatures linked via the envelope addresses and the modification algebra. While there are certainly syntactic ways to squash this into an existing DKIM signature, the semantics are very different, "the hash matched" vs "the hash matched and the envelope chain matched and the modification undo matched all the previous signature hashes." With only one kind of signature you can't tell what it means without a lot of kludgy heuristics. If the old and new signatures are different, there's no question what each one means. While I realize you probably disagree with this, I think we get to try it and if we fail, we fail. R's, John _______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
