[ietf-dkim] Features that could be reconsidered as part of the bis process
chl at clerew.man.ac.uk
Fri May 22 06:38:23 PDT 2009
On Thu, 21 May 2009 17:08:12 +0100, Dave CROCKER <dhc at dcrocker.net> wrote:
> Eliot Lear wrote:
>> On 5/21/09 5:45 PM, Dave CROCKER wrote:
>>> There is no concept of "responsibility for information behond l=".
>> Sure there is. It is simply "unsigned" beyond the value of l=.
> You appear to be confusing the difference between the internals of how
> determines whether there is a valid signature, from fine-grained (output)
> semantics about the message. DKIM merely says that a valid signature is
> present or it isn't. It makes no statement about differential coverage
> of the
If the verifier reports there is no valid signature (or the signature that
is present is broken), then all bets are off. But if it reports that a
valid signature exists, then a perfectly reasonable question, to which the
verifier should be prepared to answer, is "Fine, so exactly what is it
that was signed?". And since DKIM defines very clearly what is covered by
the signature (a list of headers, plus part or the whole of the body),
that is clearly useful information which DKIM has conveyed and attested.
Sure, the Spec does not say that is useful information, but why should it?
It is Blatantly Obvious!
Surely you do not suppose that a signature which covers only the From
header (and that is a perfectly valis signature according to the document)
is to be accepted as equally valuable to a signature that covers
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-dkim