ietf-dkim

Re: [ietf-dkim] mutant message validation, was Base issue: multiple linked signatures

2007-01-05 11:57:54
Wietse Venema wrote:

John Levine:
I agree that we are not dictating local policy.  But I really think that
it's our job to dictate the definition of what the signature validation
algorithm is.  As I've said before, everyone remains free to do whatever
they want with messages whether or not the signature verifies, including
applying various heuristics to develop opinions about unsigned messages.

Perhaps some people are confusing verification and presentation.

Verification: it is critical that all DKIM verifiers agree on what
is a valid DKIM signature, without falling back on heuristics, such
as heuristics to repair messages.

Presentation: after the valid/invalid decision is irrevocably made,
it is up to application/policy to decide how/if things will be
presented to users.  Heuristics of various sorts can be useful in
this domain, such as message repair, known signer associations,
etc., but those heuristics must not determine the validity of the
DKIM signature.

MAJOR +1!!

For me, there needs to be a reason to add DKIM verification. Signing might come afterwards, after we see how VERIFICATION works. I prefer not to get into the "labeling" game; either the purported DKIM message is acceptable or not. This is why we need to get the "SSP" concept squared away, because I am afraid that too many failures will hurt DKIM's ultimate wide adoption. I am still convinced that most people are not going to sign mail if the ROUTE it takes is proven to break the integrity of the mail. So DKIM will be mostly beneficial, at least at the early state, for specific routes, mostly 1 to 1 routes. But that's my opinion.

---
HLS



_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
