ietf-dkim

Re: [ietf-dkim] summarizing my understanding of the errata discussion & a proposal

2009-02-06 07:25:39
Dave,

On 2/6/09 4:20 AM, Dave CROCKER wrote:
> Eliot Lear wrote:
> > Here, the consumer of this information, the verifier, is warned against
> > making use of i=.  However, what we are now saying is that practical
> > deployment experience requires a stronger warning; that absent
> > additional information from the signer that is not exposed by this
> > specification, verifiers SHOULD NOT rely on i= as any sort of identity,
> > because the value may not be present or stable.
>
> It is common for Errata to provide precise corrections.  That means supplying
> the exact text that needs to be changed.  While a generic "warning" is
> comforting, it is not precise.

While I am very much amenable to a different set of text, I do not 
accept your characterization of the above text as a generic warning.  
The warning is actually quite specific.  It says that the value of i= 
may not be stable and it may not be present.  The guidance cannot be 
more specific because how the output of DKIM is used was classed out of 
scope by the working group.  In this respect, the value of i= is, hence, 
no different than, say, a signed header that may or may not be present.

And so I believe we are now debating SHOULD NOT versus MUST NOT, and I 
would accept that as well.

Eliot






_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html