On Thu, 21 May 2009 17:08:12 +0100, Dave CROCKER <dhc(_at_)dcrocker(_dot_)net> wrote:
> Eliot Lear wrote:
>> On 5/21/09 5:45 PM, Dave CROCKER wrote:
>>> There is no concept of "responsibility for information beyond l=".
>> Sure there is. It is simply "unsigned" beyond the value of l=.
> You appear to be confusing the difference between the internals of how DKIM
> determines whether there is a valid signature, from fine-grained (output)
> semantics about the message. DKIM merely says that a valid signature is
> present or it isn't. It makes no statement about differential coverage of the
> message.
Rubbish!
If the verifier reports there is no valid signature (or the signature that
is present is broken), then all bets are off. But if it reports that a
valid signature exists, then a perfectly reasonable question, to which the
verifier should be prepared to answer, is "Fine, so exactly what is it
that was signed?". And since DKIM defines very clearly what is covered by
the signature (a list of headers, plus part or the whole of the body),
that is clearly useful information which DKIM has conveyed and attested.
Sure, the Spec does not say that is useful information, but why should it?
It is Blatantly Obvious!
Surely you do not suppose that a signature which covers only the From
header (and that is a perfectly valid signature according to the document)
is to be accepted as equally valuable to a signature that covers
everything.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
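
The question raised in the message above, "exactly what is it that was signed?", can be answered from the h= and l= tags of the DKIM-Signature field. The following is an added example, not part of the original thread or of any DKIM implementation: the names `parse_tags` and `coverage` and all sample values are constructed for illustration, the body is assumed to be already canonicalized, and no cryptographic verification is performed.

```python
import re

# Constructed sample data (not from the thread); bh= and b= are placeholders.
SAMPLE_SIG = ("v=1; a=rsa-sha256; d=example.org; s=sel; c=relaxed/simple; "
              "h=from:subject; l=12; bh=PLACEHOLDER; b=PLACEHOLDER")
SAMPLE_HEADERS = ["Received", "From", "To", "Subject", "Date"]
SAMPLE_BODY = b"Hello list\r\n" + b"Appended ad\r\n"  # second part added in transit

def parse_tags(value):
    """Split a DKIM-Signature field value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def coverage(sig_value, header_names, canon_body):
    """Report what the signature claims to cover; does NOT verify it.

    header_names: names of the header fields present in the message.
    canon_body: body after the c= canonicalization (assumed done by the
    caller), because l= counts canonicalized octets.
    """
    tags = parse_tags(sig_value)
    signed = [h.lower() for h in tags.get("h", "").split(":") if h]
    present = {h.lower() for h in header_names}
    # Without l= the whole body is hashed; with l= only the first l octets are.
    limit = int(tags["l"]) if "l" in tags else len(canon_body)
    return {
        "signed_headers": signed,
        "unsigned_headers": sorted(present - set(signed)),
        "body_signed": canon_body[:limit],
        "body_unsigned": canon_body[limit:],
    }

if __name__ == "__main__":
    for key, val in coverage(SAMPLE_SIG, SAMPLE_HEADERS, SAMPLE_BODY).items():
        print(f"{key}: {val}")
```

A verifier that passes this kind of report along with its pass/fail result lets the consumer distinguish a signature over `From` alone from one that covers every header and the whole body.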