[ietf-dkim] Re: ISSUE: Better definition of "DKIM signing
deepvoice at gmail.com
Tue Nov 28 08:58:06 PST 2006
On 11/28/06, Michael Thomas <mike at mtcc.com> wrote:
> Hector Santos wrote:
> > It depends on how mixed failure and success is interpreted. DKIM-BASE
> > says as long as one signature is valid in a multi-signature message, the
> > message is valid. Failures MUST be ignored as if it was never signed.
> > There is something not very kosher with that.
> That's incorrect. DKIM says nothing about "messages" being valid or not.
> Only signatures.
The signature validates the authenticity of the message by verifying
the sender (loose definition).
If PayPal sets up a rule that is something less than "I sign all and
be cruel to messages purporting to be from me without valid
signatures", then DKIM-BASE in the case of a spammer putting a RND# in
the signature field, fails to do anything other than waste CPU cycles.