Dave Crocker wrote:

> Murray, et al,
> 1. How would the verifier be given a list? Via the BCP you cite, or
> something else?

IMO, this touches base with SSP (domain policy ideas), which, it is no
secret, I believe is an important aspect of helping put it all "together."
But in general, I believe you are dealing with section 5.4. It provides some
guidance, but I think it is subjective.

> 2. Is there only one list, or for example, might different styles of
> messaging produce different sets of required (or expected) signatures?

A few default strategies:

- non-mailing list transactions:

    From:
    To:
    Subject:
    Date:
    Message-Id:
    [Sender:]
    [Reply-Id:]

- mailing list transactions (3rd party):

    From:
    To:
    Date:
    Message-Id:
    Sender:
    List-Id:
    [Reply-Id:]
    [DKIM-Signature:] for resigns

> 3. Absent a BCP or the like, is there a problem with having -base be
> silent on listing any required fields (other than From)?

I personally think it should be more fundamental with a discussion on
the typical basic fields of an "electronic message", i.e., From:, To:,
Date: and Subject: These are essentially guaranteed to be part of all
mail systems.

> The basis for this question is the concern that publishing -base
> without a list would produce different signing choices and a confusion
> of how to interpret those differences, or a failure to handle them
> differently.

Well, sure, I haven't checked in recent months, but during R&D, it did
raise my eyebrow seeing some messages signed with all headers or headers
that were subject to change or removal. This was particularly difficult
to decipher when there were multiple signatures. So sure, guidance should
be stipulated for some default headers to be considered depending on the
route a message may take (direct or mailing list).

---
HLS
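
An added example, not part of the original post: a small verifier-side check that reads the `h=` tag of each DKIM-Signature on a message and reports which headers from the two default lists suggested above are not covered. The profile names, function names and sample signature values are constructed for illustration, and the lists are the post's suggestion, not a requirement of the DKIM specification.

```python
import re

# Header sets copied from the post's two suggested strategies (bracketed,
# optional entries omitted). These are a suggestion from the thread only.
PROFILES = {
    "direct": ["From", "To", "Subject", "Date", "Message-Id"],
    "mailing-list": ["From", "To", "Date", "Message-Id", "Sender", "List-Id"],
}

def parse_tags(sig_value):
    """Split a DKIM-Signature header value into a {tag: value} dict."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            # Split on the first "=" only: base64 values may end in "=".
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags

def signed_headers(sig_value):
    """Lower-cased header names from h=, with folding whitespace removed."""
    h = parse_tags(sig_value).get("h", "")
    names = (re.sub(r"\s+", "", n).lower() for n in h.split(":"))
    return [n for n in names if n]

def missing_for(profile, sig_value):
    """Headers the profile expects that this signature does not cover."""
    signed = set(signed_headers(sig_value))
    return [h for h in PROFILES[profile] if h.lower() not in signed]

def audit(signatures, profile):
    """Check every signature on a message; return (d= domain, missing)."""
    return [(parse_tags(s).get("d", "?"), missing_for(profile, s))
            for s in signatures]

# Constructed sample: an author signature and a list re-sign, with folded
# h= values. bh= and b= are placeholders, not real hashes or signatures.
SAMPLE_SIGS = [
    "v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n\th=From:To:Subject:\r\n\t"
    " Date:Message-ID; bh=PLACEHOLDER=; b=PLACEHOLDER==",
    "v=1; a=rsa-sha256; d=lists.example.net; s=ml;"
    " h=from : to : date : sender : list-id; bh=PLACEHOLDER=; b=PLACEHOLDER==",
]

if __name__ == "__main__":
    for domain, missing in audit(SAMPLE_SIGS, "mailing-list"):
        print(domain, "does not cover:", ", ".join(missing) or "(nothing)")
```

Running the audit per signature, rather than over the union of all `h=` lists, keeps it visible which signer vouched for which headers when a message carries more than one signature.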