ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Output summary

2011-04-27 14:44:42


On 4/27/2011 12:28 PM, Murray S. Kucherawy wrote:
With that in mind, I propose this as a new Section 4.9, moving the others 
down:

4.9. Output Requirements

The output of the verifier MUST embody:

-A result code that indicates whether or not the signature was validated
(PERMFAIL or TEMPFAIL as described in Section 7.1, or a success result code)

-If the signature did validate, the value of the “d=” tag, i.e., the signing 
domain

The verifier MAY include other outputs, but this is implementation-dependent 
and
not mandatory. The verifier MAY also include as secondary data some 
information
indicating the specific cause of a failure.

This creates a formal protocol specification semantic in the part of the 
document dedicated to that sort of thing.

Although that's entirely too reasonable a basis for the choice, I'll give it a

+1

I note that there is similar text in the current Section 3.9 -- which will 
become 3.10 -- concerning SDID/AUID:

   Hence, DKIM's mandatory output to a receive-side Identity Assessor is
   a single domain name.  Within the scope of its use as DKIM output,
   the name has only basic domain name semantics; any possible owner-
   specific semantics are outside the scope of DKIM.  That is, within
   its role as a DKIM identifier, additional semantics cannot be assumed
   by an Identity Assessor.

I suggest deleting the first sentence and moving the remainder tot he new 3.9.


d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>