> That customer brought up an interesting point. "t=y" could also be useful > for messages whose signatures do verify. Specifically, it could be used by > a signer to say "It's possible this message shouldn't have been signed by > us. Please don't give it any preferential treatment based on our name's > reputation if the signature verifies, which could then tarnish our > reputation."
"Should't have been signed by us" clearly can't mean that someone stole the private key or otherwise hacked things, so you're saying, "Our processes might not be set up right, and we might be signing crap sent by bad guys. Give us a break until we get things straight." > Any comments about this? I talked to Dave last week as we happened to be at > the same event, and he thought this warranted a new erratum against RFC6376. No, it absolutely doesn't, and please don't do that. This was not something that had been considered during the development of 6376, but didn't make it into the document correctly. You might consider that it's something that *should* have been considered, and oops, we blew it... but that's not what the errata system is for. There's a DKIM wiki and issue tracker still available on the former working group's tools page ( http://tools.ietf.org/wg/dkim/ ), and we can change the permissions on the issue tracker if folks want to use that to track these sorts of things for future updates. But more to the point, it seems that this isn't a specific "we're testing our system" issue, but a separate issue related to reputation: "Do not use signatures made with this key as input to your evaluation of our reputation." It would seem best to propose a new tag, in a DKIM extension, for that purpose, rather than re-using and overloading t=. Barry _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
