[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Frank
Ellermann
Hallam-Baker, Phillip wrote:
The receiver decides how to interpret that information. It must be
very clear (a MUST) that I sign all is not the same as instructing the
receiver to do an automatic reject. That is why I don't want to see
anything that smacks of telling the receiver what to do.
This message apparently contradicts itself. There's no such
"MUST" in "I sign all", and it's perfectly okay if receivers
decide to reject unsigned "I sign all" mails. If they decide
to accept it anyway it's most likely silently dropped later,
or bounced to innocent bystanders (1), and that would be bad.
We are writing instructions to the authors of the software packages, not the
operators of such.
A DKIM signature verification package which automatically bounced messages that
failed sig verification would be broken in my view.
An operator at an ISP who set the policy automatic bounce for Paypal, Ebay and
some others would be entirely sensible. It would not be good to have that
option at the SEC or any other regulatory body that accepts statutory notices.
I think we can actually come to consensus here. Despite the amount of heat, we
are actually saying compatible things. It's just a question of the right level.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html