I wouldn't be opposed to doing so, except that 4871 says in two separate
places not to do that. Section 7 is, now that I look at it, really badly
written, since it implies that a "verifier" is an SMTP server.
I can take a run at fixing Section 7. What's the other place that says
not to do that?
Last paragraph of sec 5.2: " Verifiers SHOULD ignore failed signatures as
though they were not present in the message."
My preference would be to return a list of signatures that either passed
or TEMPFAILed, which could be the empty set if all of them PERMFAILed or
the message was unsigned, or none of them were acceptable in the first
place for whatever policy reasons. The caller can decide whether it
wants to try the whole shebang again later, or continue with what it
got. It's simple and complete.
That seems reasonable, but I wonder if that's a large enough change to
provoke a recycle. I suppose we can argue that the prior language was
inconsistent. What does opendkim do? My verifier, which sometimes runs
in the SMTP session and sometimes runs other places, treats tempfail
and permfail the same.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html