Murray S. Kucherawy wrote:
-----Original Message-----
The only utility in revealing failed signature information is forensics.
That sort of debugging function doesn't need to go in a protocol
specification.
-1. It is not a debugging function.
It is about security (RFC4686) and deployments considerations
(RFC5863, see Section 7.3).
As the From: address is mandatory input for the signature, it may be a
logical step to also make it mandatory in the output?
Given the above, do we still need to?
To be more DKIM Mail Integration Consistent and Complete - yes.
See RFC5585 Figure 1 DKIM Service Architecture. The AUID is needed for
the major CSP (Checking Signing Practice) black box flow in the DKIM
design.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html