--- Jim Fenton <[EMAIL PROTECTED]> wrote: [ re localpart ]
> In a previous message you wrote: > > >The g= is an admittedly crude attempt to constrain the use of delegated keys > >and is not intended to be of particular interest to a verifier above and > beyond > >ensuring the constraint is complied with as part of the verification rules. > > > > > Don't you need to look at the localpart to determine whether the g= > constraint was complied with? If the answer is "yes, to determine if > they match, but I'm not going to do anything else with localpart" than > we're in agreement. Quite so. The localpart and g= are two of the inputs into the verification logic. The outcome is either "email is verified" or "email is not verified". I see that form of verification failure as comparable to a selector lookup failure or a malformed signature line. Sure. For diagnostics reasons one may want a more fine-grained explanation of the verification failure, but in many cases one can only guess as to the true cause. Was it really a g= vs localpart mismatch or did some "helpful" transit MTA re-write the signature line incorrectly? Mark. _______________________________________________ ietf-dkim mailing list http://dkim.org
