----- Original Message -----
From: "Michael Thomas" <mike(_at_)mtcc(_dot_)com>
I'm afraid that this is a pretty fundamental misunderstanding
of what dkim-base does and does not provide. DKIM-base does
not say whether a given message is valid: that is not
something that it can say with any accuracy. It does
provide a mechanism for a receiver to determine whether one
or more dkim signatures are valid. How those (in)valid
signatures are evaluated by the receiver is out of
scope of the protocol.
I prefer not to rehash all of this because it is already obvious people will
read only what they want to read, twisting or turning the way they want it,
filtering out the rest, etc.
I'll wait until the next draft leaving you with this:
By far, the industry direction for security is to preempt failure and
problems before passing the buck to the user. There is no question this is
the direction across the board in the security market simply before we have
a long history to know the other ways did not work very well. You can try
to force an one-sided meaning into what you think DKIM-BASE should be but
rest assured if its doesn't SOLVE a problem it won't be used and if it
creates problems, people will take matters into their hands.
Hector Santos, Santronics Software, Inc.
NOTE WELL: This list operates according to