On 4/27/2011 12:28 PM, Murray S. Kucherawy wrote:
With that in mind, I propose this as a new Section 4.9, moving the others
down:
4.9. Output Requirements
The output of the verifier MUST embody:
-A result code that indicates whether or not the signature was validated
(PERMFAIL or TEMPFAIL as described in Section 7.1, or a success result code)
-If the signature did validate, the value of the “d=” tag, i.e., the signing
domain
The verifier MAY include other outputs, but this is implementation-dependent
and
not mandatory. The verifier MAY also include as secondary data some
information
indicating the specific cause of a failure.
This creates a formal protocol specification semantic in the part of the
document dedicated to that sort of thing.
Although that's entirely too reasonable a basis for the choice, I'll give it a
+1
I note that there is similar text in the current Section 3.9 -- which will
become 3.10 -- concerning SDID/AUID:
Hence, DKIM's mandatory output to a receive-side Identity Assessor is
a single domain name. Within the scope of its use as DKIM output,
the name has only basic domain name semantics; any possible owner-
specific semantics are outside the scope of DKIM. That is, within
its role as a DKIM identifier, additional semantics cannot be assumed
by an Identity Assessor.
I suggest deleting the first sentence and moving the remainder tot he new 3.9.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html