[ietf-dkim] Base issue: multiple linked signatures
John Levine
johnl at iecc.com
Thu Jan 4 10:41:58 PST 2007
>> Verifiers MUST NOT use the header field names or copied values
>> for checking the signature in any way. Copied header field
>> values are for diagnostic use only.
>1) This condition is ACTUALLY REQUIRED for interoperation?
Well, yeah. If the verifier is a separate module from the one that sorts
mail based on the verification result, the sorter is going to act
differently with results from a strict verifier vs. a squidgy one.
>2) This condition limits actual HARM?
If we consider unwittingly accepting mail with bad signatures as harm, yes.
I would prefer language along the lines of what I proposed last week, that
the copied values are not for signature validation, but you can do whatever
you want with them to decide what to do with a message whose signature
didn't validate.
R's,
John
More information about the ietf-dkim
mailing list