[ietf-dkim] draft-ietf-dkim-rfc4871bis-03 submitted
vesely at tana.it
Tue Feb 22 04:08:08 PST 2011
On 22/Feb/11 00:31, Douglas Otis wrote:
> Any message containing multiple orig-date, from, sender, reply-to,
> to, cc, message-id, in-reply-to, and subject header fields will not
> produce a valid signature. See Section 5.3.

The current Section 5.3 says:

   Therefore, a verifier SHOULD NOT validate a message that is not
   compliant with [RFC5322, RFC2045 and RFC2047] specifications.

IMHO, it is somewhat vague. That SHOULD-NOT could be "promoted" to a
MUST-NOT for a finite number of specific features --to be explicitly
listed for readers' convenience. Since it is a verifier's action,
this consideration should perhaps be moved somewhere toward the end of
Section 6. Anyway, it is vital to keep such issues related to
5322-semantics clearly separated from crypto-mechanical
signature-validity specifications. Collecting them into their own
section(s) may ease a future split.
BTW, Section 5.3 has some other paragraphs on 7-bit encoding that may
deserve revisions, also in view of EAI.
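
The following is an added illustration, not part of the original message or of the draft: a verifier-side pre-check that counts the header fields listed in the quoted text and reports any that occur more than once, kept separate from the cryptographic check. The function names and the sample messages are constructed for this example; "orig-date" is taken to be the RFC 5322 `Date:` field.

```python
from email import message_from_string
from email.policy import compat32

# Fields listed in the quoted text; RFC 5322 allows at most one of each.
# "orig-date" in the RFC 5322 grammar is the Date: header field.
SINGLETON_FIELDS = ("Date", "From", "Sender", "Reply-To", "To", "Cc",
                    "Message-ID", "In-Reply-To", "Subject")


def duplicated_singletons(raw_message):
    """Return {field: count} for listed fields that occur more than once."""
    # compat32 keeps every occurrence of a header field as received.
    msg = message_from_string(raw_message, policy=compat32)
    dups = {}
    for name in SINGLETON_FIELDS:
        count = len(msg.get_all(name, []))  # name matching ignores case
        if count > 1:
            dups[name] = count
    return dups


def passes_precheck(raw_message):
    """True when none of the listed fields is repeated."""
    return not duplicated_singletons(raw_message)


# Constructed sample: a second From field in different case, a folded
# Subject (one field, two lines), and a From-like line in the body.
SAMPLE_DUPLICATE = (
    "From: alice@example.com\n"
    "FROM: mallory@example.net\n"
    "To: bob@example.org\n"
    "Subject: quarterly\n"
    " report\n"
    "Date: Tue, 22 Feb 2011 04:08:08 -0800\n"
    "\n"
    "From: this line is body text, not a header field\n"
)

# Constructed sample: the same message without the extra From field.
SAMPLE_CLEAN = SAMPLE_DUPLICATE.replace("FROM: mallory@example.net\n", "")

if __name__ == "__main__":
    print(duplicated_singletons(SAMPLE_DUPLICATE))
    print(passes_precheck(SAMPLE_CLEAN))
```
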