dkim-ops

Re: [dkim-ops] Yahoo/BellSouth configuration

2009-08-26 15:17:56
-----Original Message-----
From: dkim-ops-bounces(_at_)mipassoc(_dot_)org [mailto:dkim-ops-bounces(_at_)mipassoc(_dot_)org] On Behalf Of John Levine
Sent: Wednesday, August 26, 2009 11:10 AM
To: dkim-ops(_at_)mipassoc(_dot_)org
Subject: Re: [dkim-ops] Yahoo/BellSouth configuration

But it's also a bug at your end, since the DKIM spec is quite clear
that a signature that can't be verified is equivalent to no signature.
Your fix was the correct one, turn off the buggy code that rejects
mail on a DKIM DNS lookup failure.

I don't agree that this is the right action in all cases, nor that "can't be 
verified" includes transient DNS errors.  I took "can't be verified" in RFC4871 
to mean only "the crypto didn't add up".

If the DNS times out, I think that's inconclusive, and I'd prefer to temp-fail 
in that case.

_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
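
The two policies argued in this thread, side by side, as an added example that is not part of the original messages or of any DKIM implementation: a verifier that keeps "the key lookup failed" apart from "the key record does not exist" or "the crypto didn't add up", with a switch for what to do in the first case. All names (`KeyLookup`, `classify`, `smtp_disposition`, `on_tempfail`) and the sample inputs are hypothetical; the 451 4.7.5 reply is the code RFC 4871 section 6.1.2 mentions for deferring during the SMTP session.

```python
from enum import Enum


class KeyLookup(Enum):
    FOUND = "found"        # key record retrieved
    NXDOMAIN = "nxdomain"  # authoritative answer: no such key record
    SERVFAIL = "servfail"  # resolver or upstream failure
    TIMEOUT = "timeout"    # no answer at all


def classify(lookup, crypto_ok):
    """Map one signature's key lookup and crypto check to a DKIM result."""
    if lookup in (KeyLookup.SERVFAIL, KeyLookup.TIMEOUT):
        return "tempfail"  # inconclusive: the key was never seen
    if lookup is KeyLookup.NXDOMAIN:
        return "permfail"  # conclusive: there is no key to verify with
    return "pass" if crypto_ok else "permfail"


def smtp_disposition(signatures, on_tempfail="defer"):
    """Decide the SMTP reply from all signatures on one message.

    signatures: list of (KeyLookup, crypto_ok) pairs (constructed input).
    on_tempfail: "defer" temp-fails the message, "ignore" treats the
    signature as absent. Neither policy rejects (5xx) on DKIM alone.
    """
    if on_tempfail not in ("defer", "ignore"):
        raise ValueError("on_tempfail must be 'defer' or 'ignore'")
    results = [classify(lookup, ok) for lookup, ok in signatures]
    if "pass" in results:
        # One verified signature is enough; other failures do not matter.
        return 250, "dkim=pass"
    if "tempfail" in results and on_tempfail == "defer":
        return 451, "4.7.5 DKIM key lookup failed, try again later"
    # Unverifiable signatures are handled exactly like unsigned mail.
    return 250, "dkim=none"


if __name__ == "__main__":
    sample = [(KeyLookup.TIMEOUT, False)]  # constructed: DNS timed out
    print(smtp_disposition(sample, "defer"))
    print(smtp_disposition(sample, "ignore"))
```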