On 7/21/2012 9:50 PM, Murray S. Kucherawy wrote:
> That customer brought up an interesting point. "t=y" could also be
> useful for messages whose signatures do verify. Specifically, it could
> be used by a signer to say "It's possible this message shouldn't have
> been signed by us. Please don't give it any preferential treatment
> based on our name's reputation if the signature verifies, which could
> then tarnish our reputation."

When Murray and I talked, I didn't review the existing text. Having
just done that:

   t= Flags, represented as a colon-separated list of names (plain-
      text; OPTIONAL, default is no flags set). Unrecognized flags MUST
      be ignored. The defined flags are as follows:

      y  This domain is testing DKIM. Verifiers MUST NOT treat messages
         from Signers in testing mode differently from unsigned email,
         even should the signature fail to verify. Verifiers MAY wish
         to track testing mode results to assist the Signer.

I see that its semantics already cover the case that is being discussed,
specifically with the core clause: "Verifiers MUST NOT treat messages
from Signers in testing mode differently from unsigned email,..."
That any reader does not readily see this suggests to me that some
clarification language would be useful to apply, as well as an
annotation about report.
The clarification attempted in the remainder of that sentence appears to
cause readers to think that successful verification is excluded!
Here are two small tweaks that might correct things:

      y  This domain is testing DKIM. Verifiers MUST NOT treat messages
         from Signers in testing mode differently from unsigned email.
         This covers both successful and failed verification.
         Verifiers MAY wish to track and report testing mode results to
         assist the Signer.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
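
The reading of "t=y" discussed in the message above, as a verifier-side sketch. This is an added example, not part of the original message or of any DKIM implementation; the function names, the result fields and the sample key records are constructed for illustration.

```python
# Added example: handling the DKIM key-record "t=" flags.
# All names and sample records here are hypothetical / constructed.

# "y" is the flag quoted in the message; "s" is the other flag defined
# for t= in RFC 6376 (it is not discussed on this page).
KNOWN_FLAGS = {"y", "s"}


def parse_tag_list(record):
    """Parse a DKIM tag=value list such as 'v=DKIM1; t=y; p=...'."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue  # empty trailing segment or malformed entry
        name, value = part.split("=", 1)
        tags[name.strip()] = value.strip()
    return tags


def key_flags(record):
    """Return the recognised t= flags. Default is no flags set, and
    unrecognised flags are ignored, as the quoted text requires."""
    raw = parse_tag_list(record).get("t", "")
    return {f.strip() for f in raw.split(":")} & KNOWN_FLAGS


def effective_treatment(record, verified):
    """Map the raw verification outcome to how the message is handled.

    In testing mode the message is handled like unsigned mail whether
    the signature verified or not; the raw result is kept only so it
    can be tracked and reported to the Signer."""
    testing = "y" in key_flags(record)
    raw = "pass" if verified else "fail"
    return {
        "raw_result": raw,
        # Outside testing mode the raw result is passed on unchanged;
        # what local policy does with it is outside this example.
        "treat_as": "unsigned" if testing else raw,
        "track_for_signer": testing,
    }


# Constructed sample key records (p= values are placeholders).
TESTING_KEY = "v=DKIM1; k=rsa; t=y:futureflag; p=PLACEHOLDER"
NORMAL_KEY = "v=DKIM1; k=rsa; p=PLACEHOLDER"
```

With TESTING_KEY the "treat_as" value is "unsigned" for both verified=True and verified=False, which is the point of the proposed "This covers both successful and failed verification" wording.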