Re: Resign based on verification (RFE #SF2964383)

From: SM <sm_at_resistor.net>
Date: Sat, 24 Apr 2010 02:25:54 -0700

Hi Murray,
At 22:49 23-04-10, Murray S. Kucherawy wrote:
>I just made a comment in the RFE about resigning only if the
>incoming signature verified. It looks like I actually already did
>this in a previous version of the filter, so it's not really an RFE for 2.1.0.

Thanks. Should I consider this RFE as closed?

>The question instead is: Should this capability be built into the
>library rather than letting the application (opendkim, in this case)
>try to figure it out? Right now, if you open a resigning handle, it
>will still complete signature generation in dkim_eom() even if the
>verifying handle tied to it fails. Should there be a flag you can
>set on the resigning handle so that it will also fail in dkim_eom()
>if the verifying handle fails?

It would be a useful feature for people using libopendkim. It's a
good idea to set a flag so that resigning is not done if the
verifying handle fails.

I will probably be resigning every message posted to a mailing
list. I envision a case where people may only want to resign if they
are intentionally invalidating a good DKIM signature. They can then
convey the positive results of the A-R.

>I'm slightly in favour of saying "Yes, this should exist" but I'd
>like to hear what others with API design advice might think.

I too would like from people using the API.

Regards,
-sm
Received on Sat Apr 24 2010 - 09:31:27 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:32:52 PST