That customer brought up an interesting point. "t=y" could also be useful
for messages whose signatures do verify. Specifically, it could be used by
a signer to say "It's possible this message shouldn't have been signed by
us. Please don't give it any preferential treatment based on our name's
reputation if the signature verifies, which could then tarnish our
reputation."
"Should't have been signed by us" clearly can't mean that someone
stole the private key or otherwise hacked things, so you're saying,
"Our processes might not be set up right, and we might be signing crap
sent by bad guys. Give us a break until we get things straight."
Any comments about this? I talked to Dave last week as we happened to be at
the same event, and he thought this warranted a new erratum against RFC6376.
No, it absolutely doesn't, and please don't do that. This was not
something that had been considered during the development of 6376, but
didn't make it into the document correctly. You might consider that
it's something that *should* have been considered, and oops, we blew
it... but that's not what the errata system is for. There's a DKIM
wiki and issue tracker still available on the former working group's
tools page ( http://tools.ietf.org/wg/dkim/ ), and we can change the
permissions on the issue tracker if folks want to use that to track
these sorts of things for future updates.
But more to the point, it seems that this isn't a specific "we're
testing our system" issue, but a separate issue related to reputation:
"Do not use signatures made with this key as input to your evaluation
of our reputation." It would seem best to propose a new tag, in a
DKIM extension, for that purpose, rather than re-using and overloading
t=.
Barry
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html