ietf-dkim

Re: [ietf-dkim] Issue: Requirements #9 NOT REQUIRED for 1st party valid signatures.

2006-08-11 02:40:14

----- Original Message -----
From: "Stephen Farrell" <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>

Those are not in conflict. As I read it the requirement states that
an SSP lookup MUST NOT be REQUIRED (== is OPTIONAL) when a valid
first party signature is present.

I guess rephrasing it as follows might make you happier:

 The Protocol MAY be invoked when a valid first party signature
 is present.

  [INFORMATIVE NOTE: The expectation is that most implementations
   will not (always) invoke the protocol in this case.]

IMO those are equivalent, so I don't mind which gets used. Maybe
others prefer one over the other or don't agree about equivalence?


I read it as optional too, and that's how we will use it for our design too
(SSP first)

[Quick Response]

Maybe we have two requirements here:

     The PROTOCOL MAY BE invoked prior to verification as
     a pre-requisite for requirement 2, 3, 4 and 7.

     The PROTOCOL IS NOT required to be invoked when a 1st party
     signature is detected.

My suggestion is to remove it and allow the designers to decide how they
want to do it, or maybe split it, because I think it's two different things.

[Optional Detail Response]

As it stands now, to me, it doesn't sound like it fits when you compare it
against the following requirements:

   2. The Protocol MUST be able to publish a Practice that
      the domain doesn't send mail.

   3. The Protocol MUST be able to publish a Practice that the
      domain's signing behavior is "DKIM Signing Complete"

   4. The Protocol MUST be able to publish an Expectation that a
      verifiable First Party DKIM Signature should be expected on
      receipt of a message.

   7. If the Discovery process would be shortened by publication of a
      "null" practice, the protocol SHOULD provide a mechanism to
      publish such a practice.

If you have no signature, then there is nothing to verify.

This seems to all say that maybe we need a nemesis of "DKIM Signing
Complete"  called "DKIM Verifier Complete"  <g>

So it seems to me that you have 4 out of 10 requirements that conflict
with the "MUST NOT be required to be invoked" requirement because in order
to satisfy 4 of them, you need to do a lookup to handle the cases where
there is no signature in the message.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

