ietf-dkim

Re: [ietf-dkim] Not an issue: multiple From headers

2008-06-25 14:25:55
On Wed, 2008-06-25 at 13:13 -0400, J D Falk wrote:

On 19/06/2008 18:28, "Murray S. Kucherawy" <msk(_at_)sendmail(_dot_)com> wrote:

My theory is that DKIM only applies to valid 2822 messages, and it's not
a substitute for a sanity check for all the screwy things one can send
in a non-conformant message.  Perhaps it would be a good idea someday to
collect experience and advice into an implementation guide, but other
than that, it's not our problem.  Agreed?

+1,

+1

and I would go even further to say that we should have an errata item
against RFC4871 which says we should add that DKIM presumes a
properly-formed RFC2822-style message, and that its application to other
messages produces undefined results.

+1




Erm, surely a verifying mechanism's response to any non-verifiable
message must be _defined_ to be "non-verifiable". It would seem that a
verifying mechanism is completely useless if there exists _any_ input
which elicits an undefined response; in all cases the rule must be
"answer verified if verification is successful, non-verifiable
otherwise".

This doesn't mean that the ADSP spec (or even the DKIM spec) needs to
add specificity or remove ambiguity in the underlying specs, but ADSP
and DKIM certainly can't include permission to provide random responses
to verification attempts of malformed messages; the rule must be that if
a message is malformed to the extent that DKIM is affected, verification
must be defined to fail (not turn undefined).

No?

- Roland



-- 
  Roland Turner | Product Manager, RealMail | BoxSentry Pte Ltd
  3 Phillip Street, #13-03 Commerce Point, Singapore 048693
  Mob: +65 96700022 | Skype: roland.turner | Fax. +65 65365463
  roland(_dot_)turner(_at_)boxsentry(_dot_)com | www.boxsentry.com

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
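
The rule argued for in the message above ("answer verified if verification is successful, non-verifiable otherwise"), sketched as an added example that is not part of the thread or of any DKIM implementation. It generalizes the multiple-From case to every header field RFC 2822 section 3.6 limits to one occurrence; `check_signature` is a hypothetical caller-supplied callable standing in for the cryptographic check.

```python
import email

# Header fields RFC 2822 section 3.6 allows at most once.
AT_MOST_ONCE = ("from", "sender", "reply-to", "to", "cc", "bcc", "date",
                "message-id", "in-reply-to", "references", "subject")
REQUIRED = ("from", "date")  # RFC 2822 requires exactly one of each

VERIFIED, NON_VERIFIABLE = "verified", "non-verifiable"

def malformed_reason(raw: bytes):
    """Return why the header block is not valid RFC 2822, or None if it passes."""
    msg = email.message_from_bytes(raw)
    if msg.defects:
        return "parser defect: " + type(msg.defects[0]).__name__
    for name in AT_MOST_ONCE:
        count = len(msg.get_all(name, []))
        if count > 1:
            return f"{count} {name} header fields"
        if count == 0 and name in REQUIRED:
            return f"missing {name} header field"
    return None

def verify(raw: bytes, check_signature):
    """Total function: every input yields VERIFIED or NON_VERIFIABLE.

    check_signature is a hypothetical callable (an assumption of this
    example) that performs the DKIM signature check and returns True
    on success.
    """
    reason = malformed_reason(raw)
    if reason is not None:
        return NON_VERIFIABLE, reason  # malformed input fails, never "undefined"
    try:
        ok = bool(check_signature(raw))
    except Exception as exc:  # a verifier crash is still a defined failure
        return NON_VERIFIABLE, "verifier error: " + type(exc).__name__
    return (VERIFIED, "signature ok") if ok else (NON_VERIFIABLE, "signature failed")

# Constructed sample messages (not taken from the thread).
GOOD = (b"From: alice@example.com\r\nDate: Wed, 25 Jun 2008 14:25:55 +0800\r\n"
        b"Subject: hi\r\n\r\nbody\r\n")
TWO_FROM = b"From: mallory@example.net\r\n" + GOOD
NO_DATE = b"From: alice@example.com\r\n\r\nbody\r\n"
```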