-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Jim Fenton
Sent: Tuesday, October 12, 2010 9:53 PM
To: IETF DKIM WG
Subject: [ietf-dkim] Last call comment: Changing the g= definition
Between June 1 and September 1, 2010, Cisco received invalid signatures
from 632 domains with "inapplicable keys" (meaning a g= mismatch). For
comparison, during that same period we received valid signatures from
33054 domains. [...]
We don't track selector names, but our numbers are for the last six weeks,
during which time we saw 18198 unique signing domains and 370 unique domains
that sent signatures which failed due to the same cause. Very similar data.
Going back to the proposed change, it would create an ambiguity in the
spec: If a domain has a selector record with g=; and no v= tag, the
verifier MAY return a pass result. Or it MAY return a fail result. We
don't know what to expect; the result is undefined. Signers are not
well-served by mechanisms that don't consistently work.
We're talking about a DomainKeys signer here though, not a DKIM signer. Since
we're trying to be accommodating to a protocol DKIM ultimately replaced, does
it still create a problem?
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
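
The ambiguity discussed in the thread above, as an added example that is not part of the original messages: a selector record with an empty g= and no v= tag is evaluated twice, once under the RFC 4871 rule that an empty g= never matches, and once under an assumed lenient reading that treats such a record as a DomainKeys-style wildcard. The function names and sample records are constructed for illustration.

```python
import re

def parse_key_record(txt):
    """Parse a selector TXT record (tag=value; tag=value ...) into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)   # p= may itself contain '=' padding
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def g_matches(g, local_part):
    """RFC 4871 g= rule: one optional '*' wildcard; an empty g= matches nothing."""
    if g == "" or g.count("*") > 1:
        return False
    prefix, star, suffix = g.partition("*")
    if not star:
        return g == local_part
    return (len(local_part) >= len(prefix) + len(suffix)
            and local_part.startswith(prefix)
            and local_part.endswith(suffix))

def evaluate(txt, local_part):
    """Return the g= outcome under both readings and whether they disagree."""
    tags = parse_key_record(txt)
    g = tags.get("g", "*")                     # g= defaults to "*" when absent
    strict = g_matches(g, local_part)
    # Assumption: the lenient reading applies only when v= is missing and g= is empty.
    legacy_record = "v" not in tags and g == ""
    lenient = True if legacy_record else strict
    return {"strict": strict, "lenient": lenient, "ambiguous": strict != lenient}

def audit(records, local_part=""):
    """List selectors whose verification result depends on the verifier's choice."""
    return [name for name, txt in records.items()
            if evaluate(txt, local_part)["ambiguous"]]

# Constructed sample records; the p= values are placeholders, not real keys.
SAMPLE_RECORDS = {
    "legacy._domainkey.example.com": "k=rsa; g=; p=CONSTRUCTEDKEY==",
    "dkim1._domainkey.example.com": "v=DKIM1; k=rsa; g=; p=CONSTRUCTEDKEY==",
    "plus._domainkey.example.com": "v=DKIM1; g=user+*; p=CONSTRUCTEDKEY==",
}

if __name__ == "__main__":
    for name, txt in SAMPLE_RECORDS.items():
        print(name, evaluate(txt, "user+list"))
    print("ambiguous:", audit(SAMPLE_RECORDS, "user+list"))
```

A domain owner can run audit() over its published selector records to find the ones whose result would differ between verifiers.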