ietf-dkim

Re: [ietf-dkim] Output summary

2011-04-27 16:29:45
Do we need to say anything about the possibility that there are multiple
signatures?

How about "For each signature not ignored by the verifier" or such.

Section 5.3 says:

    Verifiers SHOULD ignore failed signatures as though they were not
    present in the message.

and Section 7 says:

    In the following description, text reading "return status
    (explanation)" (where "status" is one of "PERMFAIL" or "TEMPFAIL")
    means that the verifier MUST immediately cease processing that
    signature.  The verifier SHOULD proceed to the next signature, if any
    is present, and completely ignore the bad signature.  If the status
    is "PERMFAIL", the signature failed and should not be reconsidered.
    If the status is "TEMPFAIL", the signature could not be verified at
    this time but may be tried again later.  A verifier MAY either defer
    the message for later processing, perhaps by queueing it locally or
    issuing a 451/4.7.5 SMTP reply, or try another signature; if no good
    signature is found and any of the signatures resulted in a TEMPFAIL
    status, the verifier MAY save the message for later processing.  The
    "(explanation)" is not normative text; it is provided solely for
    clarification.

If you believe that, the output should only include signatures that 
verified, right?  So you aren't supposed to report TEMPFAIL or PERMFAIL. 
Except that if it TEMPFAILed, the output can optionally include a queued 
copy of the message and part of an SMTP transaction.

I fear the worms are escaping.  Maybe it should say that the output 
includes the signatures that validated.  If nothing validated, it might 
include a hint that the caller might get a better answer later.  And we 
should fix Section 7, since you can't even assume that the validator is 
running anywhere near an SMTP session.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet 
for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
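
The output shape proposed in this message (report only the signatures that validated, plus a hint when nothing validated but a retry might), as an added sketch that is not code from the message, the list, or any DKIM implementation. The names `Signature`, `Output`, `verify_message` and `constructed_check` are hypothetical, and the per-signature check is a stand-in driven by constructed lookup outcomes rather than real DNS or cryptography.

```python
from dataclasses import dataclass
from typing import Callable, Iterable


class PermFail(Exception):
    """Signature failed and should not be reconsidered."""


class TempFail(Exception):
    """Signature could not be verified at this time."""


@dataclass(frozen=True)
class Signature:
    domain: str    # d= tag
    selector: str  # s= tag


@dataclass(frozen=True)
class Output:
    validated: tuple[Signature, ...]  # only signatures that verified
    retry_hint: bool                  # nothing validated, a later try might


def verify_message(sigs: Iterable[Signature],
                   check: Callable[[Signature], None]) -> Output:
    validated = []
    saw_tempfail = False
    for sig in sigs:
        try:
            check(sig)            # raising ceases processing of this signature
        except PermFail:
            continue              # ignored as though it were not present
        except TempFail:
            saw_tempfail = True   # not reported, only remembered for the hint
            continue
        validated.append(sig)
    # No SMTP reply code here: the caller decides what "later" means.
    return Output(tuple(validated), retry_hint=not validated and saw_tempfail)


# Constructed key-lookup outcomes standing in for DNS and signature checks.
LOOKUPS = {
    ("example.com", "s1"): "ok",
    ("example.net", "s2"): "timeout",
    ("example.org", "s3"): "no key",
}


def constructed_check(sig: Signature) -> None:
    outcome = LOOKUPS.get((sig.domain, sig.selector), "no key")
    if outcome == "timeout":
        raise TempFail("key temporarily unavailable")
    if outcome != "ok":
        raise PermFail("no key for signature")
```
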