'making this up as I go' is really exactly the problem. multiple signatures moves from one entity taking responsibility to some unknown combination of responsibilities, ensuring substantially greater complexity in the overall system. What are the relationships among the signers? How much does the validator care and in what way? etc.

This dilemma is completely possible today by
inspecting the ip addresses in received headers. Somehow
the world has continued rotating,

Could have sworn we were talking about formal standards and what works for them, rather than what kinds of informal heuristics people use. Please cite a standard that specifies the kind of trust ambiguity you are promoting.

The mail system today shows it is
far more resilient than is being given credit for.

could have sworn the purpose of this exercise is to tighten up accountability, rather than demonstrate that things can continue to work in the face of extensive ambiguity.


ps. the small matter of transitions, such as between different signing keys, is really the argument that convinced me we needed multiple signatures. but that is a "find one valid signature" rather than "analyze the relationship among multiple".

There's intermediate ground between "find one" and "analyze
the relationship" too. One can treat them as independent
entities for input to a rules engine too.

one "can do" many different things. the purpose of a standard is to specify specific ones.

d/
_______________________________________________
ietf-dkim mailing list
http://dkim.org
