I'd like to rein in discussion a bit, here. Or, perhaps more
accurately, separate the threads. It's fine if folks want to talk
about the relative value of some kinds of signatures relative to
others, and so on -- that sort of thing actually is on our charter.
But it's a separate item from getting an implementation and
interoperability report done.
To that end, let's make sure we keep the threads separate. John's
comment, to which I'm replying here (see below), is the sort of
comment that will help finish the implementation report. Let's take
comments about what we think the report tells us about the efficacy of
DKIM... to separate threads. Thanks.
Barry, as chair
On Fri, Oct 1, 2010 at 11:04 PM, John R. Levine <johnl(_at_)iecc(_dot_)com>
wrote:
If this is the #1 reason that verifications fail, would there be room
for a new canonicalization scheme, to improve verification rates?
Seems to me it would be more appropriate to add a note saying something
like be sure your headers are all RFC 5322 compliant before signing,
including arcana such as quoting rules in address fields, to avoid
signature failures due to helpful relay MTAs fixing the quoting errors on
the way through.
As far as figuring out who's doing what, it's hard to think of anything
better than running a bunch of deliberately marginal messages through a
variety of MTAs and see what happens. A couple of years ago I set up a
forwarding project, in which I asked people to set up different MTAs to
forward mail back to me, just so we could find out about this kind of
stuff. The code has suffered severe bit rot but if people really wanted
to use it, I could probably resuscitate it.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html