mail-vet-discuss
[Top] [All Lists]

Re: [mail-vet-discuss] Auth-Results issue #4 method=value values

2006-04-19 21:07:54
Murray S. Kucherawy wrote:
Tony Hansen wrote:
A related question is what value should be put in the headerspec for
failure situations? The identity has not been verified, so there's no
value to be put into the headerspec.

Why would it change?  The method still based its evaluation on something
(a header value, envelope data, "i=", or something else).

Sometimes it's the lack of something that causes the failure, not the
presence of it. And the value part is supposed to include an extracted
value; what if there *is* no such value?

I think in the cases of some kind of fatal syntax failure of the method
being applied, you simply wouldn't include an A-R header at all for that
method.

I disagree. What if the policy for auth method X says that all
X-Sig-Fobs must include the (normally optional) Y-dohicky parameter, but
the X-Sig-Fobs did not. This is clearly a case where X was being
applied, it failed due to a policy decision, and the reason is that
something was missing. What value would go into the headerspec for such
a failure situation.

This gets back to the argument that the headerspec should be a
subordinate clause to the authentication mechanism information, and that
the value portion of the headerspec probably should be optional as well.

Consider a message that is missing a dkim-signature header where the
policy says that the header is required; what do you put into the value
part of the headerspec?

Actually, DKIM (last I checked) said you didn't look at the policy
unless the signature failed to verify.  This would therefore be another
case where I just reported no result of any kind.

DKIM-base doesn't say anything about policy.

This is one of the issues pending discussion until after dkim-base is
finished. :-)

        Tony Hansen
        tony(_at_)att(_dot_)com
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html 

<Prev in Thread] Current Thread [Next in Thread>