Douglas Otis wrote:
3) MUST store the results of the verification process if results of
the verification process will be used for some later process
A viewer may log these events, but should not predicate assurances on
less trustworthy result notations. Using untrustworthy results would
be foolish as well.
Security is rarely a binary problem, and this is no different.
Verification results that I put
in a log or a database --- where's the problem here? Markups in the
message store like flags
and other such things -- where's the problem here? We don't need to drag
in Auth-Res here
especially since it's not in scope.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html