
[ietf-dkim] suspicious and SUSPICIOUS

2007-10-01 08:50:00
Charles Lindsey wrote:
Now the ultimate recipients see A's signature (no longer good), plus A's policy. So the message is on the face of it "suspicious". So what is the recipient supposed to do? He is a member of the list, and is happy to trust the list maintainer, and can check the 2nd signature. But he is still receiving conflicting advice.

This is something that I also took away from the draft. "strict" + broken/missing
signature is much more suspicious than "all" + broken/missing signature. My
suggestion would be to tie the "suspicion" to the expectation: e.g. suspicious/strict
and suspicious/all.

The only real solution to this problem is for B to add an Authentication-Results header (see the Mail-Vet-Discuss mailing list), and to include that header in its own signature. Maybe that is veering off topic for this list, but at least there should be a pointer to that sort of possibility.


This doesn't work in the abstract because Auth-res isn't necessarily trustable across domains, and in fact I often don't trust who produced it even if it could be authenticated.

      Mike