[ietf-dkim] Authentication-Results: Header

Earl Hood earl at earlhood.com
Tue Aug 16 23:48:53 PDT 2005


On August 17, 2005 at 00:25, "Hector Santos" wrote:

> Based on what I see in one of Michael Thomas's signed DKIM messages, it
> looks like the fields are:
> 
>     Authentication-Results: signer domain;
>                             header.from=address;
>                             dkim=PASS|FAIL|NEUTRAL?;
>                             (comment)
> 
> Is this defined somewhere?

Not in detail.  The DKIM draft just says to use Authentication-Results.
But some have raised concerns that Authentication-Results is not
sufficient.

I raised the idea of having status codes so results can be more
granular, allowing for better decision making processes downstream.

What has not been discussed is what about multiple signatures.
Are there multiple result fields?

What about attempts to spoof the result fields?  If a DKIM verifier
sees a results field, should it remove it to avoid spoof attempts?

A verifier may want to sign the results field, allowing for downstream
verifiers to verify the integrity of the validation.

--ewh
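
The spoofing and multiple-signature questions raised in the message above, worked through as an added example that is not part of the original post or of any DKIM draft. It assumes one possible policy (drop every inbound Authentication-Results field, then emit one field per signature in the layout quoted above); `restamp` and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.message import Message

FIELD = "authentication-results"

def restamp(raw, results):
    """Return (message, removed): inbound result fields dropped, ours prepended.

    results: one (signer_domain, from_address, verdict) tuple per signature,
    as produced by whatever DKIM verification step ran before this one.
    """
    inbound = message_from_string(raw)
    out = Message()
    # Our own results go first so they sit above every header we received.
    for signer, from_addr, verdict in results:
        out["Authentication-Results"] = (
            f"{signer}; header.from={from_addr}; dkim={verdict}")
    removed = []
    for name, value in inbound.items():
        if name.lower() == FIELD:
            # Untrusted: any upstream sender could have written this field.
            removed.append(value)
            continue
        out[name] = value
    out.set_payload(inbound.get_payload())
    return out, removed

# Constructed message: the first field is a forged result claiming PASS.
SAMPLE = (
    "Authentication-Results: example.com; header.from=ceo@example.com; dkim=PASS\n"
    "From: ceo@example.com\n"
    "To: staff@example.org\n"
    "Subject: Quarterly numbers\n"
    "\n"
    "Body text.\n"
)

if __name__ == "__main__":
    # Constructed verdicts for a message carrying two signatures.
    verdicts = [("example.com", "ceo@example.com", "FAIL"),
                ("lists.example.net", "ceo@example.com", "PASS")]
    msg, removed = restamp(SAMPLE, verdicts)
    print("removed:", removed)
    print(msg.as_string())
```

The removed values are returned rather than discarded so the verifier can log them as evidence of an attempted spoof.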

