On 6/12/2014 8:40 AM, Murray S. Kucherawy wrote:
> On Wed, Jun 11, 2014 at 10:39 PM, Dave Crocker <dcroc...@gmail.com
> <mailto:dcroc...@gmail.com>> wrote:
>
> > The irony of your suggestion is that it requires having 'unupgraded'
> > software reliably use the version number, given that they haven't needed
> > to do that before either...
>
> Section 6.1.1 of DKIM makes it a MUST that unknown versions result in an
> error. Are you assuming here that some/many/most implementations will
> have ignored that? You might be right; I'm just trying to be clear.
> For that matter, can we assume "x=" was properly implemented?

It's the kind of issue that needs field verification, because it is the
kind of spec detail that developers often treat casually or ignore. If
they don't have to pay attention to it, to get things running, they
often don't.

Not YOU, of course, but lots of other developers...

It's one of the reasons that version numbers tend to have little real
utility.

> It would indeed be ideal to find a way to ensure that the delegation
> signature is disregarded by legacy DKIM implementations, and only used
> when coupled with a passing Mediator signature.

Well, remember that we need this to be useful even when there is no
mediator signature, if the receiver can validate the identity of the
mediator through other means...

d/
-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
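
The two checks discussed in this message ("v=" and "x=" in a DKIM-Signature header), as an added example that is not part of the original post or of any DKIM implementation: a pre-verification check a test harness could compare a deployed verifier against. The function names, the sample header values and the fixed clock value are constructed for illustration.

```python
import re

TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*")

def parse_tag_list(value):
    """Parse a DKIM tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue  # skip empty segments such as the one after a trailing ';'
        name, sep, val = part.partition("=")
        name = name.strip()
        if not sep or not TAG_NAME.fullmatch(name):
            raise ValueError("malformed tag")
        if name in tags:
            raise ValueError("duplicate tag")  # duplicates invalidate the list
        tags[name] = val.strip()
    return tags

def precheck_signature(sig_value, now):
    """Return a PERMFAIL reason, or "CONTINUE" if v= and x= allow verification."""
    try:
        tags = parse_tag_list(sig_value)
    except ValueError:
        return "PERMFAIL (signature syntax error)"
    if "v" not in tags:
        return "PERMFAIL (signature missing required tag)"
    if tags["v"] != "1":
        return "PERMFAIL (incompatible version)"
    x = tags.get("x")
    if x is not None:
        if not re.fullmatch(r"[0-9]{1,12}", x):
            return "PERMFAIL (signature syntax error)"
        # RFC 6376 makes failing on expiry a MAY; this example enforces it.
        if now > int(x):
            return "PERMFAIL (signature expired)"
    return "CONTINUE"

# Constructed header values; bh= and b= are placeholders, not real signatures.
NOW = 1402560000
BASE = "a=rsa-sha256; d=example.org; s=sel1; h=from:subject; bh=AAAA=; b=BBBB="
SAMPLES = {
    "current": "v=1; " + BASE + "; x=1402600000",
    "future_version": "v=2; " + BASE,
    "expired": "v=1; " + BASE + "; x=1402500000",
    "no_version": BASE,
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, "->", precheck_signature(value, NOW))
```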