ietf-dkim

Re: [ietf-dkim] Collection of use cases for SSP requirements

2006-11-17 07:51:23
Wietse Venema wrote:
> Hallam-Baker, Phillip:
> > FOR DKIM BASE:
> > We have three possible outcomes: Definitely Genuine, Definitely
> > Fake and Undetermined
> >
> > [We can if people think there is value further break down
> > Undetermined according to probability but bear with me]
>
> My understanding is that DKIM-base can produce only two results:
> signature verification succeeds or signature verification fails.
> I may be mistaken, but it seems to me that expanding these two
> results into >2 involves information outside DKIM-base.
Part of the problem here, I think, is that it depends on who the result is
for. From a forensics standpoint, broken signatures are clearly a lot
different than no signature. For your average automaton, however, they should
*never* be taken as different if the difference leads to preferential treatment
of broken/none (or vice versa).

The other part of this is that it's rather misleading to say that the only
outcome of a positive signature verification is that it verified. Once it
verifies, there's a wealth of information both in the signature header and the
rest of the message that is now known to be tied to the signing entity. How
that information is used is outside of the scope of the DKIM work, but we
shouldn't be giving the impression that it doesn't exist, or that it is
improper to take advantage of, or anything else like that.

      Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
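The following is an added example, not code from the thread above or from any DKIM implementation. It parses a DKIM-Signature header using the tag=value syntax of the DKIM base specification (RFC 4871, later RFC 6376), applies the structural checks that specification requires before a signature can count as verified (required tags, From covered by h=, i= under d=, x= not in the past), and then shows the two views Mike distinguishes: a forensic record that keeps none, fail and pass apart, and an automaton disposition that collapses none and fail so neither can be treated preferentially. Assumptions: actual cryptographic verification needs a DNS lookup of the selector key and an RSA check, so the crypto outcome is passed in as the `crypto_ok` argument rather than computed here; the sample header and its b=/bh= values are constructed and are not real signatures.

```python
# Added example (not from the ietf-dkim thread). Tag syntax per RFC 4871/6376.
# Crypto verification is NOT performed here; its result is an input (crypto_ok).
import re
import time

REQUIRED_TAGS = ("v", "a", "b", "bh", "d", "h", "s")


def parse_dkim_signature(header_value):
    """Parse a DKIM-Signature tag list into a dict.

    Folding whitespace may appear anywhere in the list; it is insignificant
    inside b=, bh= and the colon-separated h= list, so it is removed there.
    A duplicated tag makes the header unparseable.
    """
    tags = {}
    for part in header_value.split(";"):
        if not part.strip():
            continue  # a trailing ';' is permitted
        if "=" not in part:
            raise ValueError("malformed tag: %r" % part)
        name, value = part.split("=", 1)
        name = name.strip()
        if name in tags:
            raise ValueError("duplicate tag: %s" % name)
        if name in ("b", "bh", "h"):
            tags[name] = re.sub(r"\s+", "", value)
        else:
            tags[name] = value.strip()
    return tags


def check_signature_header(tags, now=None):
    """Structural checks required before crypto is even attempted.

    Returns the reasons the signature must be treated as failed; an empty
    list means the header is well-formed enough to hand to the verifier.
    """
    now = int(time.time()) if now is None else now
    reasons = []
    missing = [t for t in REQUIRED_TAGS if t not in tags]
    if missing:
        return ["missing required tag(s): " + ",".join(missing)]
    if tags["v"] != "1":
        reasons.append("unsupported version %r" % tags["v"])
    # The From header field must be among the signed fields.
    if "from" not in [f.lower() for f in tags["h"].split(":")]:
        reasons.append("h= does not cover From")
    # The i= domain, if given, must equal d= or be a subdomain of it.
    if "i" in tags:
        idomain = tags["i"].rsplit("@", 1)[-1].lower()
        d = tags["d"].lower()
        if idomain != d and not idomain.endswith("." + d):
            reasons.append("i= domain %r not under d= %r" % (idomain, d))
    # A signature whose x= expiry lies in the past fails verification.
    if "x" in tags and int(tags["x"]) < now:
        reasons.append("signature expired at x=%s" % tags["x"])
    return reasons


def classify(header_value, crypto_ok, now=None):
    """Return (forensic_result, automaton_result, bound_info).

    forensic_result keeps the none / fail / pass distinction with reasons.
    automaton_result collapses none and fail into one 'unverified' value so
    an automated policy cannot prefer one over the other.
    bound_info is the signer-tied data that becomes usable once it passes.
    """
    if header_value is None:
        return ("none", "unverified", None)
    try:
        tags = parse_dkim_signature(header_value)
    except ValueError as e:
        return ("fail: " + str(e), "unverified", None)
    reasons = check_signature_header(tags, now)
    if reasons or not crypto_ok:
        return ("fail: " + "; ".join(reasons or ["bad signature"]), "unverified", None)
    bound = {
        "signing_domain": tags["d"].lower(),
        "selector": tags["s"],
        "identity": tags.get("i", "@" + tags["d"]),  # spec default for i= is @d
        "signed_headers": tags["h"].lower().split(":"),
        "signed_at": int(tags["t"]) if "t" in tags else None,
    }
    return ("pass", "verified:" + bound["signing_domain"], bound)


# Constructed sample header for illustration; b= and bh= are not real signatures.
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel2006;\r\n"
    "\tt=1163749883; i=alice@mail.example.com;\r\n"
    "\th=From : To : Subject : Date;\r\n"
    "\tbh=MTIzNDU2Nzg5MGFiY2RlZjEyMzQ1Njc4OTBhYmNkZWY=;\r\n"
    "\tb=QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU2Nzg5\r\n"
    "\t Ym9ndXMgc2lnbmF0dXJlIGZvciBpbGx1c3RyYXRpb24="
)

if __name__ == "__main__":
    for label, hdr, ok in (("no signature", None, False),
                           ("broken signature", SAMPLE_HEADER, False),
                           ("good signature", SAMPLE_HEADER, True)):
        print(label, "->", classify(hdr, ok, now=1163750000)[:2])
```

Running the block shows the forensic column differing for all three inputs while the automaton column is identical for the first two, which is the behaviour Mike argues an automated policy should have.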