> I *think* he was trying to differentiate between:
>
> - A says that he signs everything, and,
>
> - A says that he signs everything and if A's sig is missing/bad A
> would like verifiers to drop/kill/whatever the message.
>
> I've no idea if that 2nd one ought be a requirement for ssp, but I do
> see the difference (and the fact that there're ratholes there!)

Scott has intimated elsewhere that he doesn't believe dictating verifier
action to be a useful approach.

There should not be any requirement in our work here which mandates the
ultimate disposition of an email message based upon verifier results.

However, providing a mechanism which allows a receiver to determine that
something other than what should have been expected has, in fact,
occurred (such as an unsigned message when signing is to always be
expected) -- this is a requirement.

I hope I'm helping because I'm not sure what exactly is being asked for
with "requirements" (sorry, that's just me being dense).

--
Arvel
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html