Hector Santos wrote: > Jim Fenton wrote: > >> Jon Callas wrote: > >> >>> In short -- saying "I sign everything" with a non-existent or bogus >>> key is the same thing as saying, "You'll never see a valid one of >>> these." >> >> But I agree with this statement, which I think is your main point. > > Sure, but unless I am missing a changing of philosophy, this goes > against DKIM-BASE "ignore failures" design. > > I was under the impression, the whole point of the SSP layer is to > give DKIM domains and verifiers some authority to handle the DKIM > signature expectation violations. > > Is that what we want? change the semantics of DKIM-BASE?
No, this doesn't change the semantics of DKIM-BASE. The DKIM-Base "ignore failures" philosophy is basically "an invalid signature is exactly the same as no signature at all: no better and no worse." What we're talking about is how the missing/invalid signature case is handled. -Jim _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
