On Feb 6, 2008, at 11:01 PM, Graham Murray wrote:
Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> writes:
DKIM signatures might be damaged by various gateways. Enterprise
mail gateways may perform Content-Type header fix-ups which damage
a signature, for example.
In which case they SHOULD be validating the DKIM signature before
performing the fix-ups. They are the (incoming) border, so are the
best place to perform DKIM, SPF etc checks.
Gateways might also forward the message or signatures might be checked
at the MUA. These situations make always following your good advice
impossible.
When would it be safe to discard a message with an invalid DKIM
signature?
What is accomplished by a "discardable" assertion?
Who is helped by the "discardable" assertion?
What does this assertion imply, that all messages with invalid
signatures are to be ignored?
Is SSP getting ahead of itself and attempting to become a BCP?
Hector expressed a concern about lessening the value of SSP
assertions. In the case of "discardable", he would be absolutely
right. Perhaps the draft could call this the "sweep dirt under the
rug" assertion. It says nothing about what the signing domain does,
only that they don't care about their domain's messages. If someone
did care, the assertion would be "reject and/or notify" with a
reference to RFC 3464 at least. The "discardable" assertion ensures
most evidence of a crime or a problem becomes lost.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html