Scott Kitterman wrote:
When I went back and read it again, I did notice one additional item
suggest changing. In the RFC 4408 definition of Neutral, it also
"A "Neutral" result MUST be treated exactly like the "None"
result; the distinction exists only for informational purposes."
That's actually (IIRC) the only reciever policy MUST in the entire RFC
and I think it's worth repeating here.
Given that many use cases for the Authentication-Results header are also
only for informational purposes, we should ensure that "neutral" and
"none" are still differentiated. This spec doesn't (and MUST NOT)
dictate actions to be taken based on the information.
I suspect we're mostly agreeing, just wanted to make sure.
NOTE WELL: This list operates according to