[ietf-dkim] Collection of use cases for SSP requirements
Wietse Venema
wietse at porcupine.org
Fri Nov 17 07:18:01 PST 2006
Michael Thomas:
> > My understanding is that DKIM-base can produce only two results:
> > signature verification succeeds or signature verification fails.
> > I may be mistaken, but it seems to me that expanding these two
> > results into >2 involves information outside DKIM-base.
> >
> Part of the problem here, I think, is that it depends on who the result is
> for. From a forensics standpoint, broken signatures are clearly a lot
> different than no signature. For your average automaton, however, they
> should *never* be taken as different if the difference leads to preferential
> treatment of broken/none (or vice versa).

This is an excellent point. There is a wealth of additional
information. Once there is confidence that it is valid, it should
not be ignored.

But we have to be careful, or else we end up with a chicken and
egg problem.

My analysis takes the position of the automaton, and looks at what
information is available before we declare the wealth of additional
information valid.

Wietse