On 2006-04-28 10:10, Douglas Otis wrote:
: The r= parameter is defined by the signer as a simple number
: of 0-9, where 0 is the default offering the lowest reliance
: level. To ensure control in the case of MUA signing, this r=
: parameter in the signature MUST always be less than or equal
: to the key r= level. If there are no r= parameters found in
: the key, the highest r= parameter allowed in the signature
: would be r=0. In an instance where the key r= parameter is less
: than that of the signature, the signature is invalid.

One signer's r=3 might connote a level of verification equivalent to
another signer's r=8. So as a recipient, I'd have to keep track of the
domain, the selector, AND the r value...even though I'll be making my
reputation decision based entirely on criteria of my own choosing. So,
I might as well just ignore the r value.

You're trying to fit reputation policy -- which is a sociopolitical
issue -- into a technical standard. A peg of infinite dimensions into a
hole of intentionally finite dimensions. The likelihood that it'll fit
is infinitely small.

--
J.D. Falk, Anti-Spam Product Manager
Yahoo! Communications Platform Team
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html