As I read the document, if I indicate a "DKIM signing complete"
policy, but never actually send any (signed or unsigned) mail,
then I have achieved the goal set out in requirement #2 from
section 5.3 ("doesn't send mail").
Now I don't object to the requirement itself, but would like
to suggest adding a note something like:
"INFORMATIVE NOTE: The Protocol could achieve this by
publishing a "DKIM signing complete" practice. If such
a practice is published, but no (legitimate) mail is
ever sent, then the resulting system meets this
requirement."
The reasons being that:-
a) I remain worried that since this practice is nothing to
do with signing, there is a real possibility that we may
overlap with some other technology (e.g. SPF or whatever
else) with potentially bad results,
b) I think that having as few policy-knobs as possible is
best (based on experience with X.509 where there are too
many IMO) and this seems like a case where we can usefully
fold two requirements into one such policy-knob, and,
c) I'm fine with the WG deciding later on whether to use
one or two bits for these practices so I don't see a need to
strike the requirement itself (which I agree is a real
requirement, expressed in the way users/operators might
find easiest).
Cheers,
Stephen.
PS: Chair hat is still off - its on the chair beside me:-)
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html