At 08:51 02-12-2008, Lisa Dusseault wrote:
> This seems like a bad idea to me; verifiers can always say whatever
> they like but encouraging them to report less accurate information
> seems like a poor choice for the long term compared to just
> reporting the most accurate status. Why would we recommend
> verifiers "lie" instead of recommending downstream agents to
> consider accepting failed signatures?

The argument is that some "clinically challenged" operators tend to
equate "fail" with "bad message" and reject the message.

At 09:48 02-12-2008, Jim Fenton wrote:
> RFC 4871 sec. 6.1 says, "Verifiers SHOULD ignore any DKIM-Signature
> header fields where the signature does not validate." My concern is
> that if the verifier reports "fail", it's not really ignoring the broken
> signature.

We can read fail as "does not validate". Section 6 of RFC 4871 is
about Verifier Actions. The Authentication-Results header field is
not about actions; it's about reporting the results. The action the
filter or MUA takes would be to ignore the "fail" as specified in Section 6.1.
Regards,
-sm
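
An added illustration of the distinction drawn in the message above, not code from the thread or from any DKIM implementation: a downstream filter reads the reported `dkim=fail` from Authentication-Results and, following RFC 4871 section 6.1, gives the message the same treatment as one with no signature. The host names, domains, the `trusted_authserv` parameter and the disposition strings are assumptions, and the header parser is deliberately simplified.

```python
import re
from email import message_from_string

# Constructed sample; host names and domains are placeholders.
SAMPLE = (
    "Authentication-Results: mx.example.org;"
    " dkim=fail header.i=@list.example; dkim=pass header.i=@author.example\n"
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=author.example\n"
    "From: someone@author.example\n"
    "Subject: test\n\nbody\n"
)

def dkim_results(raw, trusted_authserv):
    """Return [(result, identity)] for dkim entries written by our own verifier."""
    out = []
    for value in message_from_string(raw).get_all("Authentication-Results", []):
        value = re.sub(r"\([^()]*\)", "", value)  # drop simple (non-nested) comments
        authserv, *resinfos = [part.strip() for part in value.split(";")]
        if authserv.lower().split()[:1] != [trusted_authserv.lower()]:
            continue  # not added by the trusted verifier, so not believed
        for res in resinfos:
            m = re.match(r"dkim\s*=\s*(\w+)", res, re.I)
            if m:
                ident = re.search(r"header\.[id]\s*=\s*(\S+)", res)
                out.append((m.group(1).lower(),
                            ident.group(1) if ident else "unknown"))
    return out

def valid_signers(results):
    """Only signatures reported as 'pass' count; every other result is ignored."""
    return {ident for result, ident in results if result == "pass"}

def disposition(results):
    """Hypothetical filter decision: a reported 'fail' is never a reason to reject."""
    signers = valid_signers(results)
    if signers:
        return "signed-by:" + ",".join(sorted(signers))
    return "treat-as-unsigned"  # same outcome as a message with no signature

if __name__ == "__main__":
    results = dkim_results(SAMPLE, "mx.example.org")
    print(results, disposition(results))
```
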