On Dec 6, 2007, at 9:29 AM, Michael Thomas wrote:
> The specific issue is whether *any* DKIM signature from *any* domain
> should be sufficient to qualify for "strict" or "all".
> Do you agree with that or not?

This question appears to miss the point. When examining the domain of
the From, a valid signature by that domain on behalf of _any_ header
should be sufficient to comply with a "strict" assertion. The only
exception needed would be for restricted keys. As Originating Signature
is defined, this is not the case.

Dave's comment was about DKIM offering evidence of a domain's
responsibility. This concept has been missed by the current
definition for Originator Signature. Messages that are not signed or
signed by different domains would be a separate issue. The "all"
assertion requires _at least a valid_ signature acceptable to the
verifier. At least the definition for "all" is correctly at the domain.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html