Open emersion opened 3 years ago
The amount of signatures attached to the message is directly related to the amount of servers that processed it. I believe allowing up to 15 signatures per message is a reasonably safe bet.
> The amount of signatures attached to the message is directly related to the amount of servers that processed it.
I don't think so. Only authoritative servers should sign the message (i.e. servers which have control over the sender's domain name). Intermediary servers (e.g. mailing lists) shouldn't.
So only a single server in the chain should sign the message. Note that allowing multiple signatures is still useful to allow cryptographic primitives to be gradually deployed (e.g. having messages double-signed with both RSA and ECDSA).
FWIW, OpenDKIM's default is 3.
We'll probably want to expose a `DefaultVerifyOptions` variable to allow users to easily customize the defaults (e.g. keeping the default `MaxVerifications` but changing the default `LookupTXT`).
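The cap discussed in this thread, as an added example that is not part of the thread or the project's code: it uses only the Go standard library, performs no DNS lookups or cryptography, and shows how a verifier can bound its work by selecting at most a fixed number of `DKIM-Signature` fields. The names `maxVerifications`, `sig` and `selectSignatures` and the sample message are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"net/textproto"
	"strings"
)

// maxVerifications is a hypothetical cap; 3 is the OpenDKIM default cited above.
const maxVerifications = 3

// sig holds the tags that decide which DNS key record a verifier would fetch.
type sig struct{ Domain, Selector, Algo string }

// sample is a constructed message: two signatures from the sender's domain
// (one per algorithm) followed by three unrelated ones.
const sample = "DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=rsa1; b=AAAA\r\n" +
	"DKIM-Signature: v=1; a=ed25519-sha256; d=example.org;\r\n s=ed1; b=BBBB\r\n" +
	"DKIM-Signature: v=1; a=rsa-sha256; d=pad1.example; s=x; b=CCCC\r\n" +
	"DKIM-Signature: v=1; a=rsa-sha256; d=pad2.example; s=x; b=DDDD\r\n" +
	"DKIM-Signature: v=1; a=rsa-sha256; d=pad3.example; s=x; b=EEEE\r\n" +
	"From: alice@example.org\r\n\r\nbody\r\n"

// selectSignatures returns at most max signatures, in header order, plus the
// number skipped, so a verifier never does more than max key lookups.
func selectSignatures(msg string, max int) ([]sig, int, error) {
	r := textproto.NewReader(bufio.NewReader(strings.NewReader(msg)))
	hdr, err := r.ReadMIMEHeader() // also unfolds continuation lines
	if err != nil {
		return nil, 0, err
	}
	var picked []sig
	values := hdr.Values("DKIM-Signature")
	for _, v := range values {
		if len(picked) == max {
			break
		}
		tags := map[string]string{}
		for _, part := range strings.Split(v, ";") {
			if k, val, ok := strings.Cut(part, "="); ok {
				tags[strings.TrimSpace(k)] = strings.TrimSpace(val)
			}
		}
		picked = append(picked, sig{tags["d"], tags["s"], tags["a"]})
	}
	return picked, len(values) - len(picked), nil
}

func main() {
	picked, skipped, err := selectSignatures(sample, maxVerifications)
	fmt.Println(picked, skipped, err)
}
```

With a cap of 3, the double-signed pair from the sender's domain and one further signature are selected and the remaining two are skipped without any key lookup.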