On Sat, Jul 08, 2006 at 11:35:41PM -0400, Tony Hansen allegedly wrote:
Eric Allman wrote:
The point here is that the verifier is allowed to convey authentication
status in the header. Why is this not a MAY?
I know that there is a push against being specific here as to what is
added, but I think we really need to keep this concept alive and well.
If we were being specific about using Authentication-Results, I'd even
want to make it a SHOULD or even a MUST. But just because we've watered
it down this much doesn't mean we should get rid of it entirely.
Keep it a MAY at the minimum.
As an alternative, does it make sense to get more specific and spell
out the Authentication-Results header as much as is needed and then
when the real Authentication-Results spec comes along can it say
"supersedes the definition in DKIM" or some such?
We could even go so far as to spell out that anticipation if it helps.
NOTE WELL: This list operates according to