[ietf-dkim] Issue: Requirements #9 NOT REQUIRED for 1st party
hsantos at santronics.com
Fri Aug 11 02:29:42 PDT 2006
----- Original Message -----
From: "Stephen Farrell" <stephen.farrell at cs.tcd.ie>
To: "Hector Santos" <hsantos at santronics.com>
> Those are not in conflict. As I read it the requirement states that
> an SSP lookup MUST NOT be REQUIRED (== is OPTIONAL) when a valid
> first party signature is present.
> I guess rephrasing it as follows might make you happier:
> The Protocol MAY be invoked when a valid first party signature
> is present.
> [INFORMATIVE NOTE: The expectation is that most implementations
> will not (always) invoke the protocol in this case.]
> IMO those are equivalent, so I don't mind which gets used. Maybe
> others prefer one over the other or don't agree about equivalence?
I read it as optional too, and that's how will use it for our design too
Maybe we have two requirements here:
The PROTOCOL MAY BE invoked prior to verification as
a pre-requisite for requirement 2, 3, 4 and 7.
The PROTOCOL IS NOT required to be invoked when a 1st party
signature is detected.
My suggestion is to remove it and allowed the designers to decide how they
want to do it or maybe split it because I think its two different things.
[Optional Detail Response}
As it stands now, to me, it doesn't sound like it fits when you compare it
against the following requirements:
2. The Protocol MUST be able to publish a Practice that
the domain doesn't send mail.
3. The Protocol MUST be able to publish a Practice that the
domain's signing behavior is "DKIM Signing Complete"
4. The Protocol MUST be able to publish an Expectation that a
verifiable First Party DKIM Signature should be expected on
receipt of a message.
7. If the Discovery process would be shortened by publication of a
"null" practice, the protocol SHOULD provide a mechanism to
publish such a practice.
If you have no signature, then there is nothing to verify.
This seems to all say that maybe we need a nemesis of "DKIM Signing
Complete" called "DKIM Verifier Complete" <g>
So it seems to me that you have 4 out of 10 requirements, that conflicts
with the "MUST NOT be required to be invoked" requirement because in order
to satisfy 4 of them, you need to do a lookup to handle the cases where
there is no signature in the message.
Hector Santos, Santronics Software, Inc.
More information about the ietf-dkim