[ietf-dkim] Re: New issue: base-00 3.5 x=

[Frank Ellermann]

Michael Thomas wrote:

>> That could be a third case for STRONG signing policies.
 
> And this I'm pretty sure leads us down a rathole we don't
> want to go.  It's just fine for MUA's to do the verification,
> but their expectations shouldn't be what drives the standard,
> IMO.

Maybe it's a hole that can be blocked elsewhere.  Doug found an
interesting way of (ab)using intentionally short expirations.

> lots of MDA's torture messages into unverifiable messes

Do they ?  Maybe I was lucky, I've never seen that with several
ISPs.  Or you're talking about servers that I won't consider as
proper MDA. 

>> It's also possible to say "MUST NOT, but" if it's clear what
>> the "but" is about.
 
> Or just not say anything as Dave mentions.

If there are forseeable non-nonsense scenarios, where checking
DKIM might not always work as expected, we should mention it
somewhere.

> If it turns out we're wrong, we haven't made an irreversable
> decision.

As long as the caveats are documented I won't insist on using
MUSTard to make them more interesting than they are... :-)  Bye