[ietf-dkim] double header reality check
Murray S. Kucherawy
msk at cloudmark.com
Wed Oct 20 21:38:04 PDT 2010
> -----Original Message-----
> From: John R. Levine [mailto:johnl at iecc.com]
> Sent: Wednesday, October 20, 2010 5:08 PM
> To: Murray S. Kucherawy
> Cc: ietf-dkim at mipassoc.org
> Subject: Re: [ietf-dkim] double header reality check
> > Here's maybe a better way to frame the question: Should we empower
> > ourselves to label a DKIM implementation that doesn't do format
> > enforcement as (a) non-compliant, or (b) low-security/low-quality?
> The latter. Hey, we agree. I think I always said SHOULD rather than
Damn, lost it. I think we should talk about it, and even in detail, but without using those words.
And I'd be fine converting the MUA advice to which you refer into something more general, like hammering home the point about what exactly a validated signature is telling you, and leave it to the implementers of those modules to figure out what to do with that information.
More information about the ietf-dkim