Eric Allman wrote:
> --On November 8, 2006 12:05:07 AM +0200 Pekka Savola
> <pekkas(_at_)netcore(_dot_)fi> wrote:
>> ==> what is the expected verifier's behaviour if one or more of
>> these MUST/MUST NOTs doesn't hold? AFAICS, that hasn't been
>> specified, at least not very clearly. Should it be?
>
> This is already covered in (e.g.) 6.1.1:
>
>    Implementers MUST meticulously validate the format and values
>    in the DKIM-Signature header field; any inconsistency or
>    unexpected values MUST cause the header field to be
>    completely ignored and the verifier to return PERMFAIL
>    (signature syntax error). Being "liberal in what you accept"
>    is definitely a bad strategy in this security context.
One clarification to this for Pekka, in case he missed it: Section 3.2:

   Unrecognized tags MUST be ignored.
Tony Hansen
tony(_at_)att(_dot_)com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
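The two rules quoted in the thread pull in opposite directions: any syntactic inconsistency in the DKIM-Signature field is a PERMFAIL (section 6.1.1), yet a tag name the verifier does not know is not an inconsistency and is simply skipped (section 3.2). The checker below is an added example written for this page; it is not code from the thread, from the draft, or from any DKIM implementation. It assumes the header value has already been unfolded into a single string, takes the tag names and the MUSTs on them (required tags, v=1, From in h=, i= within d=, x= after t=, base64 in b= and bh=, no duplicate tags) from RFC 4871 as published, and the sample header and its base64 values are constructed here rather than taken from real mail.

```python
import base64
import re


class PermFail(Exception):
    """Raised where the verifier must return PERMFAIL (RFC 4871, section 6.1.1)."""


REQUIRED_TAGS = ("v", "a", "b", "bh", "d", "h", "s")
KNOWN_TAGS = REQUIRED_TAGS + ("c", "i", "l", "q", "t", "x", "z")
SUPPORTED_ALGORITHMS = ("rsa-sha1", "rsa-sha256")
TAG_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*")          # tag-name = ALPHA *ALNUMPUNC
TAG_VALUE_RE = re.compile(r"[\x21-\x3a\x3c-\x7e\s]*")       # tval chars plus FWS, never ";"


def parse_tag_list(text):
    """Split a tag=value list per RFC 4871 section 3.2; any syntax fault is PERMFAIL.

    Duplicate tag names invalidate the whole list. Unrecognized names are
    returned here; the caller decides to ignore them rather than reject them.
    """
    specs = text.split(";")
    if specs[-1].strip() == "":          # exactly one trailing ";" is permitted
        specs.pop()
    if not specs:
        raise PermFail("signature syntax error: empty tag-list")
    tags = {}
    for spec in specs:
        name, sep, value = spec.partition("=")
        name, value = name.strip(), value.strip()            # drop FWS around both
        if not sep or not TAG_NAME_RE.fullmatch(name):
            raise PermFail("signature syntax error: bad tag-spec %r" % spec.strip())
        if not TAG_VALUE_RE.fullmatch(value):
            raise PermFail("signature syntax error: illegal character in %s=" % name)
        if name in tags:
            raise PermFail("signature syntax error: duplicate tag %s=" % name)
        tags[name] = value
    return tags


def check_signature_header(text):
    """Apply the tag-level MUSTs of RFC 4871 and return only the recognized tags."""
    tags = parse_tag_list(text)
    missing = [t for t in REQUIRED_TAGS if t not in tags]
    if missing:
        raise PermFail("signature missing required tag(s): %s" % ", ".join(missing))
    if tags["v"] != "1":
        raise PermFail("incompatible version")
    if tags["a"] not in SUPPORTED_ALGORITHMS:
        raise PermFail("unsupported signature algorithm")
    if "from" not in [f.strip().lower() for f in tags["h"].split(":")]:
        raise PermFail("From field not signed")
    if "i" in tags:
        # i= is [local-part]@domain; its domain must be d= or a subdomain of it
        _local, at, idomain = tags["i"].rpartition("@")
        domain = tags["d"].lower()
        if not at:
            raise PermFail("signature syntax error: i= has no @")
        if idomain.lower() != domain and not idomain.lower().endswith("." + domain):
            raise PermFail("domain mismatch")
    for name in ("l", "t", "x"):
        if name in tags and not tags[name].isdigit():
            raise PermFail("signature syntax error: %s= is not a number" % name)
    if "t" in tags and "x" in tags and int(tags["x"]) <= int(tags["t"]):
        raise PermFail("signature syntax error: x= must be greater than t=")
    for name in ("b", "bh"):
        compact = re.sub(r"\s+", "", tags[name])             # FWS may occur inside base64
        try:
            if not compact:
                raise ValueError("empty")
            base64.b64decode(compact, validate=True)
        except ValueError:
            raise PermFail("signature syntax error: %s= is not valid base64" % name)
        tags[name] = compact
    # Section 3.2: unrecognized tags MUST be ignored, so they are dropped, not rejected.
    return {k: v for k, v in tags.items() if k in KNOWN_TAGS}


def verifier_result(text):
    """Outcome of the syntax checks alone: 'OK' or 'PERMFAIL (<reason>)'."""
    try:
        check_signature_header(text)
    except PermFail as exc:
        return "PERMFAIL (%s)" % exc
    return "OK"


# Constructed sample (not real mail): a folded header value with an unknown foo= tag.
SAMPLE_BH = base64.b64encode(bytes(range(32))).decode()
SAMPLE_B = base64.b64encode(bytes(range(48))).decode()
SAMPLE_OK = (
    "v=1; a=rsa-sha256; d=example.com; s=brisbane; c=relaxed/simple;\r\n"
    "\ti=joe@mail.example.com; h=From : To : Subject; t=1162944307; x=1163549107;\r\n"
    "\tfoo=bar; bh=" + SAMPLE_BH + ";\r\n"
    "\tb=" + SAMPLE_B[:32] + "\r\n\t" + SAMPLE_B[32:]
)

if __name__ == "__main__":
    print(verifier_result(SAMPLE_OK))
    print(verifier_result(SAMPLE_OK + "; d=example.com"))
```

Note the asymmetry the thread is about: `foo=bar` is silently dropped from the result, while a repeated `d=` tag, a missing `bh=`, or an `i=` outside `d=` each turn the whole field into a PERMFAIL rather than a best-effort verification.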