----- Original Message -----
From: "Stephen Farrell" <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
Those are not in conflict. As I read it the requirement states that
an SSP lookup MUST NOT be REQUIRED (== is OPTIONAL) when a valid
first party signature is present.

I guess rephrasing it as follows might make you happier:

    The Protocol MAY be invoked when a valid first party signature
    is present.
    [INFORMATIVE NOTE: The expectation is that most implementations
    will not (always) invoke the protocol in this case.]

IMO those are equivalent, so I don't mind which gets used. Maybe
others prefer one over the other or don't agree about equivalence?

I read it as optional too, and that's how we will use it for our design too
(SSP first).
[Quick Response]
Maybe we have two requirements here:
The PROTOCOL MAY BE invoked prior to verification as
a pre-requisite for requirement 2, 3, 4 and 7.
The PROTOCOL IS NOT required to be invoked when a 1st party
signature is detected.
My suggestion is to remove it and allow the designers to decide how they
want to do it, or maybe split it, because I think it's two different things.
[Optional Detail Response]
As it stands now, to me, it doesn't sound like it fits when you compare it
against the following requirements:
2. The Protocol MUST be able to publish a Practice that
   the domain doesn't send mail.
3. The Protocol MUST be able to publish a Practice that the
   domain's signing behavior is "DKIM Signing Complete"
4. The Protocol MUST be able to publish an Expectation that a
   verifiable First Party DKIM Signature should be expected on
   receipt of a message.
7. If the Discovery process would be shortened by publication of a
   "null" practice, the protocol SHOULD provide a mechanism to
   publish such a practice.
If you have no signature, then there is nothing to verify.
This seems to all say that maybe we need a nemesis of "DKIM Signing
Complete" called "DKIM Verifier Complete" <g>
So it seems to me that you have 4 out of 10 requirements that conflict
with the "MUST NOT be required to be invoked" requirement, because in order
to satisfy 4 of them, you need to do a lookup to handle the cases where
there is no signature in the message.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com