ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [ietf-dkim] testing Message Corpus & question for base spec

2006-02-16 14:52:31
from [Bill.Oxley] [Permanent Link] 
"bad signature --> DKIM Failure, local policy will set procedure"
thanks

Bill Oxley 
Messaging Engineer 
Cox Communications, Inc. 
Alpharetta GA 
404-847-6397 
bill(_dot_)oxley(_at_)cox(_dot_)com 

-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Eric Allman
Sent: Thursday, February 16, 2006 4:31 PM
To: Hector Santos
Cc: IETF DKIM WG
Subject: Re: [ietf-dkim] testing Message Corpus & question for base spec



--On February 16, 2006 1:26:10 AM -0500 Hector Santos 
<hsantos(_at_)santronics(_dot_)com> wrote:

Whether you know it or not, you are making indirect technical and
indirect local policy decisions with the assertion:

    "bad signatures --> treat as if no signature was even present"


Yes, you are correct, which is why such wording is (supposed to be) 
no more than a SHOULD or an informative comment.  I do see that there 
are several MUSTs that really ought to be converted to SHOULDs for 
this to be true.  This is a major enough change that I think it 
should have further discussion; I'll ask Elliot to put it on the 
issues list.


So just because you don't want to say anymore about Local Policies
or how invalid DKIM signatures are possible, saying it should be
treated as if as NO SIGNATURE is present, it is making a technical
and local policy decision.

I think it is a failed and flawed design concept and I have not been
convinced that it is not.


Our (or at least My) logic is as follows:  in the short run, we know 
there are agents out there that modify the message in various ways. 
We might argue that they are wrong, but they do exist.  We expect or 
at least hope that DKIM will cause such agents to atrophy.  At some 
point there may be few enough of them that my advice will change, and 
we can consider a bad signature to be a strong sign of probably 
abuse.  But for now I'm a firm believer that to do so would cause far 
too many incorrect rejections.

That said, I do believe that this is verifier local policy, and I 
support your right to implement your code however you deem 
appropriate.

eric
_______________________________________________
NOTE WELL: This list operates according to 
http://dkim.org/ietf-list-rules.html

_______________________________________________
NOTE WELL: This list operates according to 
http://dkim.org/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] testing Message Corpus & question for base spec, Eric Allman
Next by Date:  Re: [ietf-dkim] testing Message Corpus & question for base spec, Mark Delany
Previous by Thread:  Re: [ietf-dkim] testing Message Corpus & question for base spec, Hector Santos
Next by Thread:  Re: [ietf-dkim] testing Message Corpus & question for base spec, Mark Delany
Indexes:  [Date] [Thread] [Top] [All Lists]