ietf-dkim

Re: [ietf-dkim] Re: dkim-base-01 nits and semi-nits

2006-05-01 19:02:06

----- Original Message -----
From: "Jim Fenton" <fenton(_at_)cisco(_dot_)com>
To: "Eric Allman" <eric+dkim(_at_)sendmail(_dot_)org>
Cc: "Mark Delany" <MarkD+dkim(_at_)yahoo-inc(_dot_)com>; 
<ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Monday, May 01, 2006 7:59 PM
Subject: Re: [ietf-dkim] Re: dkim-base-01 nits and semi-nits


"Treat as unsigned" seems a little ambiguous when there might be
multiple signatures.  It might be interpreted as "treat the message as
though it is completely unsigned" as opposed to "consider this signature
invalid" which I think is your intent.

Jim,

I hope not.

I understand the proposed pseudo procedure for handling multiple signatures,
looking for one that "works," but it completely fascinates me to think how
failure state information can be ignored.

How can one treat, view or interpret a failed signature as "unsigned" when
in fact, it was signed?

Continuing processing is one thing, but treating it as if it never happened?  I
fail to see this logic. Even if not rejected, but logged or flagged, that is
not treating it as if it was unsigned.

If I was a domain signer, and I was responsible for this mail with my
reputation on the line, I would want the verifier to prune all failures
because it was not what I expected and I don't want potentially harmful
mail, which probably isn't mine to begin with, reaching the intended
end-user.

And even if the verifier is not going to reject, I certainly do not want it
to ignore the fact there was a failure with mail purported to be from
my domain.

So what should the verifier do, and how?  What is expected of them by domain
signers?

I can only see this working if the verifiers get help from the domain itself
having an email policy that tells verifiers how to handle failures.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com






_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html