[ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"
Dave CROCKER
dhc at dcrocker.net
Wed May 4 12:13:01 PDT 2011
On 5/4/2011 12:08 PM, Murray S. Kucherawy wrote:
>> Verifiers must not ignore them, assessors on the other hand may.
>
> Either could. It's an implementation choice.
>
> If the verifier wants to enable the assessor to make the call, it's free to
> export "l=" information.
Verifiers declare a signature as valid or not.
This discussion is a very nice example of the difference between protocol vs.
implementation. The protocol says l= is valid. However a particular
implementor might choose to declare that any l= not covering the entire message
shall result in a failed verification. The same applies for verifiers detecting
use of sha1.
They are free to do that.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
More information about the ietf-dkim
mailing list