On Wednesday 12 March 2008 13:06:02 J D Falk wrote:
Scott Kitterman wrote:
When I went back and read it again, I did notice one additional item
I'd suggest changing. In the RFC 4408 definition of Neutral, it also
"A "Neutral" result MUST be treated exactly like the "None"
result; the distinction exists only for informational purposes."
That's actually (IIRC) the only reciever policy MUST in the entire RFC
and I think it's worth repeating here.
Given that many use cases for the Authentication-Results header are also
only for informational purposes, we should ensure that "neutral" and
"none" are still differentiated. This spec doesn't (and MUST NOT)
dictate actions to be taken based on the information.
I suspect we're mostly agreeing, just wanted to make sure.
Mostly. I agree this spec shouldn't dictate actions, but I think it's
appropriate to carry forward ones that are included in the references
definition of the result for completeness and accuracy.
NOTE WELL: This list operates according to