Tony Hansen wrote:
> Dave, I disagree. We are defining how to verify a message. If we agree
> that the mechanism below is a reasonable step to perform, it's still
> just one more step in the verification process.

Tony,

Do you disagree that it is a heuristic? If so, please point me to the document
-- preferably standard -- that specifies the format that will be checked and
suggest what percentage of mail, of that class, will be covered by this mechanism.

My point in noting that this is a heuristic is not to say that heuristics are
not useful. Heuristics are wonderful.

However they are poor -- or at least dangerous -- for use within core algorithms
of an interoperability specification. A heuristic is a guess. You are
supporting the use of guesswork in a core algorithm for DKIM.

If it is really not a problem to have heuristics in a basic algorithm such as
signature validation, then we ought to be able to find a solid history of their
standardized use in interoperability protocols, preferably in IETF.

If we cannot find that history, we ought to be rather cautious about their
inclusion in DKIM's basic validation mechanism.

d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html