On 10/07/2010 03:40 AM, Charles Lindsey wrote:
> On Wed, 06 Oct 2010 13:00:25 +0100, Steve Atkins <steve(_at_)wordtothewise(_dot_)com> wrote:
>> On Oct 6, 2010, at 1:47 AM, Mark Delany wrote:
>>> Right. We could attempt to enumerate the 1,000 edge-cases we know
>>> today and then re-bis 4871 for the additional 1,000 edge-cases we
>>> learn tomorrow, or we could simply say that invalid 2822 messages
>>> MUST never verify and call it a day.
>>
>> To comply with that MUST every DKIM verifier would have to
>> include a full 5322 verifier. That's a fairly high bar.
>
> No, that is not true, as I have demonstrated in the text I have proposed.
> You only need to look at whatever headers are actually mentioned in the
> "h=" tag of the signature, and you only need to verify those properties of
> those headers that could lead to trouble, and that would seem to be a
> simple count of the number of occurrences of those headers.

I'm with Steve on this one. Forcing implementations of DKIM to
determine whether a message is compliant is a pretty high bar. I
for one wouldn't be in any particular big hurry to add a batch of
code to ensure that that MUST was fulfilled. I doubt anyone else
would be either. The net effect of this MUST would be to make a
lot of compliant DKIM implementations non-compliant. And for what?
I'd say that it would be better to just say that if you sign a
non-compliant 5322 message that its verification is undefined,
and move on. That at least matches reality, and hasn't hurt
anything that I'm aware of.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
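
The occurrence count Charles Lindsey describes in the quoted text, sketched as an added example that is not part of the thread or of any DKIM implementation. It assumes the at-most-once field list from RFC 5322 section 3.6; the function names and the sample message are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# RFC 5322 section 3.6: header fields that may appear at most once per message.
SINGLETON_FIELDS = {
    "date", "from", "sender", "reply-to", "to", "cc", "bcc",
    "message-id", "in-reply-to", "references", "subject",
}

def signed_fields(dkim_value):
    """Return the lower-cased field names listed in the h= tag of one signature."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", dkim_value)  # undo header folding
    for tag in unfolded.split(";"):
        name, _, value = tag.partition("=")
        if name.strip() == "h":
            return [f.strip().lower() for f in value.split(":") if f.strip()]
    return []

def duplicated_signed_fields(raw_message):
    """Map each signed at-most-once field that occurs more than once to its count."""
    msg = message_from_string(raw_message)
    counts = Counter(name.lower() for name in msg.keys())
    flagged = {}
    for sig in msg.get_all("DKIM-Signature", []):
        for field in set(signed_fields(sig)):
            if field in SINGLETON_FIELDS and counts[field] > 1:
                flagged[field] = counts[field]
    return flagged

# Constructed sample: From is named once in h= but appears twice in the message.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\n"
    "\th=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: alice@example.com\n"
    "From: other@example.net\n"
    "To: bob@example.org\n"
    "Subject: hello\n"
    "Date: Thu, 07 Oct 2010 03:40:00 +0000\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(duplicated_signed_fields(SAMPLE))
```

A verifier or filter could treat a non-empty result as grounds to fail or distrust the signature, without validating the rest of the message against RFC 5322.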