On 4/27/2011 8:56 PM, MH Michael Hammer (5304) wrote:
>> a) If at least one signature verifies, report success with the d= value(s)
>> of the valid signature(s) and optionally other stuff.
>
> I'm not comfortable with this statement. If I have two signatures, one from
> the domain in the From and one from a random 3rd party and the From domain
> signature fails and the 3rd party passes then we declare success with the 3rd
> party d=signature? To me that dog won't hunt.

Mike, I believe you are continuing to different parts of the architecture.

The DKIM verifier does not know anything about the "type" of the signature,
such as whether it is first party or third. An architectural function that is
outside of DKIM signing makes those sorts of higher-level, integrative analyses.

The current discussion is only about signature validation and how to report
them.

To make this more direct: For DKIM signing, there is no such concept of "From
domain signature".

The issue for payload at the level of DKIM Signing, the issue needs to be kept
quite simple: Report signatures that validate and I guess also report
signatures that get a temporary failure.

No other formal payload comes out of the DKIM Signing spec, no matter what
other sorts of cleverness a particular implementer might provide. The
cleverness is fine, but it goes beyond the spec.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
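The layering discussed in this message, as an added example that is not part of the original e-mail or of any DKIM implementation: a verifier-level report that knows only d= values, and a separate higher-level check that is the only place the From domain is consulted. The message, the per-signature outcomes (standing in for the cryptographic check) and the function names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: signature data is placeholder text, not real crypto.
RAW = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
    " h=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=ThirdParty.example; s=k2;\n"
    " h=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED\n"
    "From: Alice <alice@example.com>\n"
    "Subject: test\n"
    "\n"
    "body\n"
)
MSG = message_from_string(RAW)

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def verifier_report(msg, outcomes):
    """Verifier layer: report the d= of signatures that validated or hit a
    temporary failure. It never reads the From header.
    `outcomes` (assumption) holds one result per DKIM-Signature header, in
    order: "pass", "fail" or "tempfail"."""
    report = {"pass": [], "tempfail": []}
    headers = msg.get_all("DKIM-Signature", [])
    for header, outcome in zip(headers, outcomes):
        if outcome in report:  # permanent failures are not reported
            report[outcome].append(parse_tags(header)["d"].lower())
    return report

def from_domain_validated(msg, report):
    """Hypothetical higher-level function, outside the verifier: the only
    place where 'first party' versus 'third party' has any meaning."""
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    return from_domain in report["pass"]

if __name__ == "__main__":
    # The scenario from the quoted objection: From-domain signature fails,
    # third-party signature passes.
    report = verifier_report(MSG, ["fail", "pass"])
    print(report, from_domain_validated(MSG, report))
```
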