mail-vet-discuss

[mail-vet-discuss] Degrading DKIM "fail" to "neutral" (was Re: Last Call: ...)

2008-12-02 16:22:00
Jim Fenton wrote:

> RFC 4871 sec. 6.1 says, "Verifiers SHOULD ignore any DKIM-Signature
> header fields where the signature does not validate."  My concern is
> that if the verifier reports "fail", it's not really ignoring the broken
> signature.

DKIM-6.1's normative SHOULD leaves room to maneuver within an ADMD which 
does have some reason to deviate from that language and thus wishes to 
make a distinction between a failed signature and an unsigned message.  
If a verifier implementing this proposal decides to report a DKIM "fail" 
as "neutral", that distinction is no longer possible in such environments.

A general question: Is it appropriate for this draft to assist directly 
in the enforcement of a normative SHOULD from other drafts?

One response I got to some queries about this issue went as far as 
saying verifiers SHOULD NOT degrade "fail" to "neutral" despite this 
concern, thereby limiting that action only to well-considered local 
policy decisions.