-----Original Message-----
From: John R. Levine [mailto:johnl(_at_)iecc(_dot_)com]
Sent: Wednesday, October 20, 2010 5:08 PM
To: Murray S. Kucherawy
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] double header reality check

Here's maybe a better way to frame the question: Should we empower
ourselves to label a DKIM implementation that doesn't do format
enforcement as (a) non-compliant, or (b) low-security/low-quality?

The latter. Hey, we agree. I think I always said SHOULD rather than
MUST.

Damn, lost it. I think we should talk about it, and even in detail, but
without using those words.

And I'd be fine converting the MUA advice to which you refer into something
more general, like hammering home the point about what exactly a validated
signature is telling you, and leave it to the implementers of those modules to
figure out what to do with that information.