----- Original Message -----
From: "Stephen Farrell" <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>
(As an aside - I could imagine someone wanting to allow SSP to say
something like "if you encounter error <foo> when processing a
message apparently from me, then I'd recommend that you <bar>"
and where we'd define a foo="unsupported sig-alg" and maybe have
bar="barf". But that leads down the mandating-recipient-behaviour
rathole and may be better tried out via whatever extensibility
mechanism ends up in SSP.)
I view this not as a mandate, but as a declaration or an "advisement" of not
wanting to take responsible for any failure seen based on some possible
mispresentation.
Sort of like:
"if you find an error <foo> from a signed message purported from
me, please do me a favor and yourself a favor and get of it.
We will not be responsible for it, but if you want to keep it
thats up to you."
After all, why go thru the trouble of signing the message if you don't care
for the disposition of the message? Signing a message should have a reason
and purpose behind it. No? The "Cross my finger, hope I make it" just seems
really risky.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html