ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] double header reality check

2010-10-20 23:42:13
-----Original Message-----
From: John R. Levine [mailto:johnl(_at_)iecc(_dot_)com]
Sent: Wednesday, October 20, 2010 5:08 PM
To: Murray S. Kucherawy
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] double header reality check

Here's maybe a better way to frame the question: Should we empower
ourselves to label a DKIM implementation that doesn't do format
enforcement as (a) non-compliant, or (b) low-security/low-quality?

The latter.  Hey, we agree.  I think I always said SHOULD rather than
MUST.

Damn, lost it.  I think we should talk about it, and even in detail, but 
without using those words.

And I'd be fine converting the MUA advice to which you refer into something 
more general, like hammering home the point about what exactly a validated 
signature is telling you, and leave it to the implementers of those modules to 
figure out what to do with that information.


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html