> -----Original Message-----
> From: John R. Levine [mailto:[email protected]]
> Sent: Wednesday, October 20, 2010 5:08 PM
> To: Murray S. Kucherawy
> Cc: [email protected]
> Subject: Re: [ietf-dkim] double header reality check
>
> > Here's maybe a better way to frame the question: Should we empower
> > ourselves to label a DKIM implementation that doesn't do format
> > enforcement as (a) non-compliant, or (b) low-security/low-quality?
>
> The latter. Hey, we agree. I think I always said SHOULD rather than
> MUST.

Damn, lost it.

I think we should talk about it, and even in detail, but without using those words. And I'd be fine converting the MUA advice to which you refer into something more general, like hammering home the point about what exactly a validated signature is telling you, and leave it to the implementers of those modules to figure out what to do with that information.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
