[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Dave Crocker
Well, at least I have. If a recipient gets a message with a valid
signature, they never need to look up an SSP record. That refutes your
statement pretty fully, doesn't it?
I have no idea.
The discussion is about algorithm transitions. Those aren't
interesting things to talk about unless there is a signature.
My understanding of the current topic is that it pertains to
an SSP query that is only worth making when there is a signature.
You thus exclude precisely the two cases at issue here:
1) There is a signature that is not considered strong enough
2) There is a signature that uses an unknown algorithm
You conflate both these cases with the case that there is no signature at all.
The difference here is that the policy you appear to propose tells you only
when you should expect to find a signature on a message while the policy myself
and others want to implement tells you when you should expect to find a
signature that is acceptable to you on a message.
Some of the discussion seems to be about having a signature
that is valid but not "strong enough". That might not be a
scenario that you have in mind, but it sure seems to be one
that is being discussed.
That is the less problematic case; the more problematic case is there is a
signature that is completely bogus which you are unable to detect as bogus.
Under my scheme the verifier can continue to work as if the new signature
algorithm never existed. Under your status quo scheme the verifier can be
bamboozled when this is avoidable.