[ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft)
domainkeys-feedbackbase02 at yahoo.com
Wed Aug 17 14:30:00 PDT 2005
--- Jim Fenton <fenton at cisco.com> wrote:
[ re localpart ]
> In a previous message you wrote:
>
> >The g= is an admittedly crude attempt to constrain the use of delegated keys
> >and is not intended to be of particular interest to a verifier above and beyond
> >ensuring the constraint is complied with as part of the verification rules.
> >
> >
> Don't you need to look at the localpart to determine whether the g=
> constraint was complied with? If the answer is "yes, to determine if
> they match, but I'm not going to do anything else with localpart" then
> we're in agreement.

Quite so. The localpart and g= are two of the inputs into the verification
logic. The outcome is either "email is verified" or "email is not verified". I
see that form of verification failure as comparable to a selector lookup
failure or a malformed signature line.

Sure. For diagnostic reasons one may want a more fine-grained explanation of
the verification failure, but in many cases one can only guess as to the true
cause. Was it really a g= vs localpart mismatch or did some "helpful" transit
MTA re-write the signature line incorrectly?

Mark.
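
Added example, not part of the original message and not code from any DKIM implementation: a sketch of the constraint check discussed above, where the localpart and g= go in and a single pass/fail comes out, with the cause kept only as a diagnostic. It assumes the g= matching rule later published in RFC 4871 (one optional "*" wildcard, default "*", empty value never matches); the function names and sample key records are constructed for illustration, and the cryptographic signature check is out of scope.

```python
def parse_tags(record):
    """Parse a 'tag=value; tag=value' key record into a dict."""
    tags = {}
    for part in record.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep or not name.strip():
            raise ValueError("malformed tag %r" % part.strip())
        tags[name.strip()] = value.strip()
    return tags


def granularity_matches(g, localpart):
    """Assumed RFC 4871 rule: at most one '*' wildcard; empty g= matches nothing."""
    if g == "":
        return False
    if g.count("*") > 1:
        raise ValueError("more than one '*' in g=")
    prefix, star, suffix = g.partition("*")
    if not star:
        return g == localpart  # no wildcard: exact, case-sensitive match
    # prefix and suffix must both fit without overlapping ("a*a" must not match "a")
    return (len(localpart) >= len(prefix) + len(suffix)
            and localpart.startswith(prefix) and localpart.endswith(suffix))


def check_key_constraint(key_record, localpart):
    """Return (passed, diagnostic); policy should act on `passed` only."""
    if key_record is None:
        return False, "selector lookup failed"
    try:
        g = parse_tags(key_record).get("g", "*")  # absent g= defaults to '*'
        passed = granularity_matches(g, localpart)
    except ValueError as exc:
        return False, "malformed key record: %s" % exc
    return (True, "ok") if passed else (False, "g= does not match localpart")


if __name__ == "__main__":
    # Constructed key records and localparts, for illustration only.
    for record, lp in [("k=rsa; g=newsletter-*; p=PLACEHOLDER", "newsletter-aug"),
                       ("k=rsa; g=newsletter-*; p=PLACEHOLDER", "ceo"),
                       ("k=rsa; g=; p=PLACEHOLDER", "anyone"),
                       (None, "ceo")]:
        print(record, lp, check_key_constraint(record, lp))
```

Every failure path returns the same False; the second element is a best-effort label for logs, not a separate verification outcome.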