On Thu, 21 May 2009 17:08:12 +0100, Dave CROCKER <[email protected]> wrote:
> Eliot Lear wrote:
>> On 5/21/09 5:45 PM, Dave CROCKER wrote:
>>> There is no concept of "responsibility for information beyond l=".
>>
>> Sure there is. It is simply "unsigned" beyond the value of l=.
>
> You appear to be confusing the difference between the internals of how DKIM
> determines whether there is a valid signature, from fine-grained (output)
> semantics about the message. DKIM merely says that a valid signature is
> present or it isn't. It makes no statement about differential coverage of the
> message.

Rubbish!

If the verifier reports there is no valid signature (or the signature that is present is broken), then all bets are off.

But if it reports that a valid signature exists, then a perfectly reasonable question, to which the verifier should be prepared to answer, is "Fine, so exactly what is it that was signed?". And since DKIM defines very clearly what is covered by the signature (a list of headers, plus part or the whole of the body), that is clearly useful information which DKIM has conveyed and attested.

Sure, the Spec does not say that is useful information, but why should it? It is Blatantly Obvious! Surely you do not suppose that a signature which covers only the From header (and that is a perfectly valid signature according to the document) is to be accepted as equally valuable to a signature that covers everything.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131    Web: http://www.cs.man.ac.uk/~chl
Email: [email protected]    snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9    Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
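Added example, not part of the original message or of any DKIM implementation: a sketch of how a verifier could answer "what was signed?" by reading the `h=`, `l=` and `c=` tags and reporting the unsigned tail of the body. It performs no cryptographic verification; the function names, sample header values and body are constructed for illustration.

```python
import re

def parse_tags(value):
    """Split a DKIM-Signature tag=value list into a dict (whitespace in values dropped)."""
    tags = {}
    for item in value.split(";"):
        name, sep, val = item.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def canonicalize_body(body, mode):
    """'simple' or 'relaxed' body canonicalization of a CRLF-delimited body."""
    if mode == "relaxed":
        body = re.sub(rb"[ \t]+(?=\r\n|\Z)", b"", body)  # drop WSP at end of lines
        body = re.sub(rb"[ \t]+", b" ", body)            # collapse WSP runs
    while body.endswith(b"\r\n"):                        # ignore trailing empty lines
        body = body[:-2]
    return body + b"\r\n" if body or mode == "simple" else body

def signature_coverage(sig_value, body):
    """Report which headers and how many body octets a signature claims to cover."""
    tags = parse_tags(sig_value)
    # c= is header/body; a missing body part defaults to "simple".
    _, _, body_mode = tags.get("c", "simple/simple").partition("/")
    canon = canonicalize_body(body, body_mode or "simple")
    signed = int(tags["l"]) if "l" in tags else len(canon)
    if signed > len(canon):
        raise ValueError("l= is larger than the body; the signature cannot verify")
    return {
        "signed_headers": [h.lower() for h in tags.get("h", "").split(":") if h],
        "body_octets_signed": signed,
        "body_octets_unsigned": len(canon) - signed,
        "unsigned_tail": canon[signed:],
    }

# Constructed samples; bh= and b= are placeholders, not real hash or signature values.
SIG_PARTIAL = ("v=1; a=rsa-sha256; d=example.org; s=sel; c=relaxed/simple; "
               "h=From:To:Subject; l=14; bh=PLACEHOLDER; b=PLACEHOLDER")
SIG_FROM_ONLY = "v=1; a=rsa-sha256; d=example.org; s=sel; h=From; bh=PLACEHOLDER; b=PLACEHOLDER"
BODY = b"Signed part.\r\nAppended after signing.\r\n\r\n"

if __name__ == "__main__":
    for sig in (SIG_PARTIAL, SIG_FROM_ONLY):
        print(signature_coverage(sig, BODY))
```

Both sample signatures could verify as "valid", yet the first leaves 25 body octets outside the hash and the second covers the whole body but only the From header.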
