On Apr 20, 2006, at 11:34 AM, Jon Callas wrote:
On 19 Apr 2006, at 10:14 AM, Paul Hoffman wrote:
What is the interoperability or harm-limiting purpose of verifiers
checking x= values? If there is none, the sentence above needs to
be a MAY.
I don't want to torture people with my reasoning, but x= needs to
be a MAY, but for possibly different reasons.
My reasons are that I don't think that an implementer needs to
"carefully weigh" whether to implement x=. I think that casually
weighing it is just fine. I've been thinking a lot about uses for
x=, and some of them might allow someone to game DKIM against other
parts of a mail filtering system. And yes, I know that this comes
close to conflating SHOULD-implement vs. SHOULD-deploy, but I would
not think ill of an implementor whose decision was "I don't
understand it well, so I'm not implementing it," which is the
antithesis of SHOULD.
The jabber chat concluded MAY...
There is also a downside ignoring x= when forwarding mail. Safe
solutions for this involve changing the way MTAs operate. Gaming is
also possible when not paying attention, especially when invalidated
signatures offer a basis for rejection. When this happens down-
stream, MTAs not paying attention will be left dealing with DSNs.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html