"bad signature --> DKIM Failure, local policy will set procedure" thanks
Bill Oxley Messaging Engineer Cox Communications, Inc. Alpharetta GA 404-847-6397 [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Allman Sent: Thursday, February 16, 2006 4:31 PM To: Hector Santos Cc: IETF DKIM WG Subject: Re: [ietf-dkim] testing Message Corpus & question for base spec --On February 16, 2006 1:26:10 AM -0500 Hector Santos <[EMAIL PROTECTED]> wrote: > Whether you know it or not, you are making indirect technical and > indirect local policy decisions with the assertion: > > "bad signatures --> treat as if no signature was even present" Yes, you are correct, which is why such wording is (supposed to be) no more than a SHOULD or an informative comment. I do see that there are several MUSTs that really ought to be converted to SHOULDs for this to be true. This is a major enough change that I think it should have further discussion; I'll ask Elliot to put it on the issues list. > So just because you don't want to say anymore about Local Policies > or how invalid DKIM signatures are possible, saying it should be > treated as if as NO SIGNATURE is present, it is making a technical > and local policy decision. > > I think it is a failed and flawed design concept and I have not been > convinced that it is not. Our (or at least My) logic is as follows: in the short run, we know there are agents out there that modify the message in various ways. We might argue that they are wrong, but they do exist. We expect or at least hope that DKIM will cause such agents to atrophy. At some point there may be few enough of them that my advice will change, and we can consider a bad signature to be a strong sign of probably abuse. But for now I'm a firm believer that to do so would cause far too many incorrect rejections. That said, I do believe that this is verifier local policy, and I support your right to implement your code however you deem appropriate. eric _______________________________________________ NOTE WELL: This list operates according to http://dkim.org/ietf-list-rules.html _______________________________________________ NOTE WELL: This list operates according to http://dkim.org/ietf-list-rules.html
