ietf-dkim

Re: [ietf-dkim] dkim-base-01: 6.2 - DNS error

2006-04-20 16:55:03

On Apr 20, 2006, at 3:53 PM, Michael Thomas wrote:

On 04/19/2006 23:51, Jim Fenton wrote:

This points out another problem: if a verifier defers verification or acceptance of a given message, it SHOULD maintain enough state so that the message may be accepted after some number of retries, so that messages with key retrieval problems are not rejected entirely.

WRT your point, I agree. Perhaps we need to add another bit along the lines of, "If an email is deferred based on lack of response to the query for the public key, the verifier SHOULD NOT indefinitely defer the message. While messages SHOULD be deferred for temporary DNS issues, lack of response to a query for a public key alone SHOULD NOT result in messages being permanently rejected."

Hold on a sec... with normal 400's the sender is the one who's supposed to eventually give up, not the receiver. For a DNS entry that keeps timing out, why should we special case this?

An apparent server fault of the signer should not have a special case where the receiver stops deferring. I agree with Mike, the transmitter should report a delivery failure, where the faulty equipment is then repaired once reported. It would seem rather bad to effectively ignore such failures, especially when the alternative may be to place the message into the junk folder.

-Doug


_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html