
Re: [ietf-dkim] Collection of use cases for SSP requirements

2006-11-17 14:09:12
On Fri, 17 Nov 2006 12:27:43 -0000, Wietse Venema <wietse(_at_)porcupine(_dot_)org> wrote:

Hallam-Baker, Phillip:
We have three possible outcomes: Definitely Genuine, Definitely
Fake and Undetermined

[We can if people think there is value further break down
Undetermined according to probability but bear with me]

My understanding is that DKIM-base can produce only two results:
signature verification succeeds or signature verification fails.
I may be mistaken, but it seems to me that expanding these two
results into >2 involves information outside DKIM-base.

No, there is a lot more than that.

There is 'signature absent'
         'signature present but invalid'
For failed signatures there is
         'the failure was in the header/the body/both'
For good signatures there is
         'the headers that were signed were the ones expected to be signed'
         'the length of the body was longer than the l-tag said'

Which of these are relevant to automatic decision making, and which only for forensics, is a question for implementors of verifiers. Experience may show that all sorts of unexpected scams can be caught by looking for obscure cases.

Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web:
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
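
The outcomes listed in the message above (signature absent, failure located in the body, body longer than the l-tag said) can be reported separately by a verifier. The following is an added example, not part of the original post or of any DKIM implementation: the function names and the sample messages are constructed for illustration, and the b= signature over the headers is not checked, since that needs the signer's public key from DNS.

```python
import base64, hashlib, re
from email.parser import BytesHeaderParser

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization ("simple" or "relaxed") as defined for DKIM."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":  # collapse runs of WSP, drop WSP at end of line
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # ignore empty lines at end of body
        lines.pop()
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def classify(raw: bytes) -> dict:
    """Report signature presence, body-hash result and bytes beyond l=."""
    head, _, body = raw.partition(b"\r\n\r\n")
    sig = BytesHeaderParser().parsebytes(head + b"\r\n\r\n")["DKIM-Signature"]
    if sig is None:
        return {"signature": "absent"}
    tags = {}
    for part in sig.split(";"):  # tag-list: "k=v; k=v", values may be folded
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    mode = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    canon = canon_body(body, mode)
    limit = int(tags["l"]) if "l" in tags else len(canon)
    algo = tags.get("a", "rsa-sha256").split("-")[1]
    digest = hashlib.new(algo, canon[:limit]).digest()
    return {"signature": "present",
            "body_hash_ok": base64.b64encode(digest).decode() == tags.get("bh"),
            "unsigned_body_bytes": max(0, len(canon) - limit)}

def build_sample(signed: bytes, extra: bytes = b"", l_tag: bool = True) -> bytes:
    """Constructed test message; b= is a placeholder, never verified here."""
    canon = canon_body(signed, "relaxed")
    bh = base64.b64encode(hashlib.sha256(canon).digest())
    ltag = b" l=%d;" % len(canon) if l_tag else b""
    return (b"From: a@example.org\r\nDKIM-Signature: v=1; a=rsa-sha256;"
            b" c=relaxed/relaxed; d=example.org; s=sel;" + ltag +
            b"\r\n h=from; bh=" + bh + b"; b=PLACEHOLDER\r\n\r\n" + signed + extra)

if __name__ == "__main__":
    print(classify(b"From: a@example.org\r\n\r\nhi\r\n"))
    print(classify(build_sample(b"Hello  world \r\n")))
    print(classify(build_sample(b"Hello  world \r\n", b"appended text\r\n")))
    print(classify(build_sample(b"Hello  world \r\n", b"appended text\r\n", False)))
```

In the third sample the body hash still matches while 15 canonicalized bytes sit outside the signed length, which is the case a plain pass/fail result hides.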