Murray, et al,
Useful responses. Thanks. They prompt some more questions.
And the other line of question is about having different folks signing
different sets of fields. Is that variation important? How? And how
can/should they be distinguished by the validator/filter?
I would think the verifier could be given a list of headers which, if
present, MUST be signed. If for example the verifier wants all From
headers to be signed and it gets a message whose signature verifies but
From wasn't signed, the verifier SHOULD act as though the signature was
not present.
1. How would the verifier be given a list? Via the BCP you cite, or something
else?
2. Is there only one list, or for example, might different styles of messaging
produce different sets of required (or expected) signatures?
This is all local policy or BCP stuff though, not something the base
specifications necessarily need to address.
3. Absent a BCP or the like, is there a problem with having -base be silent on
listing any required fields (other than From)?
The basis for this question is the concern that publishing -base without a
list would produce different signing choices and a confusion of how to interpret
those differences, or a failure to handle them differently.
d/
ps. Should we be worried at how few responses have shown up on this list?
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dkim-dev mailing list
dkim-dev(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-dev
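
Added example, not part of the original message or of any DKIM implementation: a sketch of the check discussed in the thread, where a verifier holds a local list of headers that must be signed if present and treats a verifying signature that omits one as though no signature were present. The policy list, function names and sample messages are assumptions; the cryptographic verification is represented by a boolean, and the example goes slightly beyond the thread by counting header instances against the signature's h= tag so that a second, unsigned From is also caught.

```python
import email
from collections import Counter

# Assumed local policy (hypothetical): headers that must be signed if present.
REQUIRED_IF_PRESENT = ("from", "subject", "date")

def signed_header_counts(sig_value):
    """Count how often each header name appears in the signature's h= tag."""
    tags = {}
    for part in sig_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return Counter(n.lower() for n in tags.get("h", "").split(":") if n)

def unsigned_required(raw_message, required=REQUIRED_IF_PRESENT):
    """Required headers with an instance not covered by h=; None if unsigned."""
    msg = email.message_from_string(raw_message)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return None
    signed = signed_header_counts(sig)
    present = Counter(name.lower() for name in msg.keys())
    return [h for h in required if present[h] > signed[h]]

def treat_as_signed(signature_verified, raw_message):
    """Apply the policy: a verifying signature that skips a required header
    is handled as though no signature were present."""
    return bool(signature_verified) and unsigned_required(raw_message) == []

def sample(h_tag, extra=""):
    # Constructed message; b= is a placeholder, not a real signature.
    return ("DKIM-Signature: v=1; d=example.com; s=sel;\n"
            f" h={h_tag}; b=PLACEHOLDER\n"
            f"From: alice@example.com\n{extra}"
            "Subject: hello\nDate: Mon, 1 Jan 2024 00:00:00 +0000\n\nbody\n")

if __name__ == "__main__":
    cases = {
        "all signed": sample("from:subject:date"),
        "From unsigned": sample("subject:date"),
        "second From unsigned": sample("from:subject:date", "From: eve@example.org\n"),
    }
    for label, raw in cases.items():
        # signature_verified=True stands in for a successful crypto check.
        print(label, unsigned_required(raw), treat_as_signed(True, raw))
```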