I submit that RFC4871 can make assertions about the verifier, but not
about the assessor. I further submit that many assessor implementations
will prefer the benefits of a verifier that provides more than just a
Boolean output.
You're probably right, and that's the problem.
I don't have a legalistic definition of interoperability; I want
implementations to, you know, interoperate. When I sign and send a
message, it'd be nice if I could expect recipients to interpret the
signature consistently. If assessors are likely to do inconsistent things
with parts of the signature, if I want my mail to work, I'd better avoid
those parts.
Your point about some assessors requring a signed subject is a good
example. It tells me that 4871 section 5.4 is underspecified, and 4871bis
should strengthen it to say that you MUST sign the headers that every
message is supposed to have.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html