Michael Thomas:
My understanding is that DKIM-base can produce only two results:
signature verification succeeds or signature verification fails.
I may be mistaken, but it seems to me that expanding these two
results into >2 involves information outside DKIM-base.
Part of the problem here, I think, is that it depends on who the result is
for. From a forensics standpoint, broken signatures are clearly a lot
different than no signature. For your average automaton, however, they
should *never* be taken as different if the difference leads to
preferential treatment of broken/none (or vice versa).
This is an excellent point. There is a wealth of additional
information. Once there is confidence that it is valid, it should
not be ignored.
But we have to be careful, or else we end up with a chicken and
egg problem.
My analysis takes the position of the automaton, and looks at what
information is available before we declare the wealth of additional
information valid.
Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html