--- Jim Fenton <fenton(_at_)cisco(_dot_)com> wrote:
[ re localpart ]
In a previous message you wrote:
The g= is an admittedly crude attempt to constrain the use of delegated keys
and is not intended to be of particular interest to a verifier above and
beyond
ensuring the constraint is complied with as part of the verification rules.
Don't you need to look at the localpart to determine whether the g=
constraint was complied with? If the answer is "yes, to determine if
they match, but I'm not going to do anything else with localpart" than
we're in agreement.
Quite so. The localpart and g= are two of the inputs into the verification
logic. The outcome is either "email is verified" or "email is not verified". I
see that form of verification failure as comparable to a selector lookup
failure or a malformed signature line.
Sure. For diagnostics reasons one may want a more fine-grained explanation of
the verification failure, but in many cases one can only guess as to the true
cause. Was it really a g= vs localpart mismatch or did some "helpful" transit
MTA re-write the signature line incorrectly?
Mark.
_______________________________________________
ietf-dkim mailing list
http://dkim.org