mail-vet-discuss

Re: [mail-vet-discuss] Proposed "header.b" tag for DKIM signatures

2010-03-25 14:16:53
On 24/Mar/10 20:59, Murray S. Kucherawy wrote:
 In case both passed, should the verifier report the same result twice?

I would argue yes.  If your upstream mail provider (think cloud-based mail 
filtering, software-as-a-service, etc.) does all your verifying for you, I 
would say it will want to report all information to you and let you provide 
your own further filtering based on local policy.  In that regard, that 
provider would be doing you a disservice by giving you needlessly ambiguous 
results (one "dkim=pass" doesn’t tell you which one passed, and your local 
policy might actually need to know).

How do I get a local policy? I guess this question may sound silly, 
but it seems that failures originate from header mangling much more 
frequently than real forgeries. DKIM may need some false-alarm 
reduction system to increase its reliability. In this case, it may 
also be considered a disservice to force users to fully understand the 
matter in order to devise adequate policies.

Put it another way, what is A-R going to provide w.r.t. DKIM?

* Save consumer's cpu time/DNS lookups for signature verification, or

* provide a synthesis of a message's trustworthiness, according to the 
best knowledge of the filtering agent.

Truly sophisticated servers can still provide a policy-definition 
wizard that allows users to tailor the service according to their 
specific needs.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html 
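
The ambiguity discussed in this message, as an added example that is not part of the original post: a consumer tries to attribute each reported DKIM result to one of two same-domain signatures, first without and then with a "header.b" value. The sample headers, the signature values and the function names are constructed for illustration, and the code assumes that header.b carries the leading characters of the signature's b= value.

```python
# Constructed sample data, not taken from the thread.
AR_PLAIN = ("mx.example.net; dkim=pass header.d=example.com; "
            "dkim=fail header.d=example.com")
AR_TAGGED = ("mx.example.net; dkim=pass header.d=example.com header.b=dzdVyOfA; "
             "dkim=fail header.d=example.com header.b=EToRSuvU")
# d= and b= values of the two DKIM-Signature fields on the same message.
SIGNATURES = [{"d": "example.com", "b": "EToRSuvUfQVP3Bkz9aXm"},
              {"d": "example.com", "b": "dzdVyOfAKCdLXdJOc9G2"}]


def parse_dkim_results(ar_value):
    """Return [(result, {property: value})] for each dkim entry.

    Simplified parser: real Authentication-Results headers may also
    contain comments and quoted strings, which are not handled here.
    """
    entries = []
    for resinfo in ar_value.split(";")[1:]:      # element 0 is the authserv-id
        tokens = resinfo.split()
        if not tokens or not tokens[0].startswith("dkim="):
            continue
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        entries.append((tokens[0].split("=", 1)[1], props))
    return entries


def attribute(signatures, entries):
    """Return one result per signature; 'ambiguous' where it cannot be told."""
    out = []
    for sig in signatures:
        peers = sum(1 for s in signatures if s["d"] == sig["d"])
        matches = []
        for result, props in entries:
            if props.get("header.d") != sig["d"]:
                continue
            prefix = props.get("header.b")
            if prefix is None and peers > 1:
                # Untagged result could belong to any same-domain signature.
                matches.append("ambiguous")
            elif prefix is None or sig["b"].startswith(prefix):
                matches.append(result)
        if not matches:
            out.append("unreported")
        else:
            out.append(matches[0] if len(set(matches)) == 1 else "ambiguous")
    return out
```

A local policy that cares about one particular signature can act on the tagged header, while the untagged one gives it nothing to attribute.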
