Michael Thomas wrote:
That could be a third case for STRONG signing policies.
And this I'm pretty sure leads us down a rathole we don't
want to go. It's just fine for MUA's to do the verification,
but their expectations shouldn't be what drives the standard,
IMO.
Maybe it's a hole that can be blocked elsewhere. Doug found an
interesting way of (ab)using intentionally short expirations.
lots of MDA's torture messages into unverifiable messes
Do they ? Maybe I was lucky, I've never seen that with several
ISPs. Or you're talking about servers that I won't consider as
proper MDA.
It's also possible to say "MUST NOT, but" if it's clear what
the "but" is about.
Or just not say anything as Dave mentions.
If there are forseeable non-nonsense scenarios, where checking
DKIM might not always work as expected, we should mention it
somewhere.
If it turns out we're wrong, we haven't made an irreversable
decision.
As long as the caveats are documented I won't insist on using
MUSTard to make them more interesting than they are... :-) Bye
_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html