On July 15, 2005 at 11:04, Tony Hansen wrote:
Yes, the interaction between DKIM's results and the
Authentication-Results: header need to be better defined.
Earl mentions status codes. Don't you think the "pass" / "fail" /
"softfail" / "neutral" / "temperror" / "permerror" set defined in
draft-kucherawy-sender-auth-header are sufficient? If not, how and where
would you expand on those statuses?
It would be nice to provide a more specific reason of why a "fail"
happened. I see the above as a good classification of grouping
status codes.
For example, for "fail" you can have codes for:
(1) General failure (a catch all in case nothing more specific is
available).
(2) Key revoked.
(3) Malformed signature field
(4) Signature verification failed
etc...
This way, one can generate reports and stats based on well-defined
codes versus general free-form text messages. I think such stats
will be useful, especially during initial implementation to see
what kind of failures are common.
Note, I still think a human readable text message should be provided,
but the codes are more friendly for automated processing and reporting.
--ewh