Michael Thomas wrote: >> That could be a third case for STRONG signing policies. > And this I'm pretty sure leads us down a rathole we don't > want to go. It's just fine for MUA's to do the verification, > but their expectations shouldn't be what drives the standard, > IMO.
Maybe it's a hole that can be blocked elsewhere. Doug found an interesting way of (ab)using intentionally short expirations. > lots of MDA's torture messages into unverifiable messes Do they ? Maybe I was lucky, I've never seen that with several ISPs. Or you're talking about servers that I won't consider as proper MDA. >> It's also possible to say "MUST NOT, but" if it's clear what >> the "but" is about. > Or just not say anything as Dave mentions. If there are forseeable non-nonsense scenarios, where checking DKIM might not always work as expected, we should mention it somewhere. > If it turns out we're wrong, we haven't made an irreversable > decision. As long as the caveats are documented I won't insist on using MUSTard to make them more interesting than they are... :-) Bye _______________________________________________ NOTE WELL: This list operates according to http://dkim.org/ietf-list-rules.html
