Douglas Otis writes:

 > Terminology:
 >  DKIM Siglet is a highly constrained DKIM signature omitting
 > elements likely altered by a mediator.

Please, no.  I agree that "weak signature" is inaccurate, but really
we have a "full-coverage" signature (whatever terminology you like)
signing pretty much all originator header fields plus authentication fields
plus the whole body, versus anything less than that (especially but
not restricted to allowing additions to the body).  I suspect that
that is the "security-relevant" distinction, but that some originators
will be willing to take more risks than others (e.g., using or avoiding
an l=<actual length> spec).  "Siglet" is way too constrained in your
definition; if we push for that, I think we'll have real trouble
convincing some of the managements.  Let's not embed that in the
terminology, but rather let the originators decide what's "strong" or
"full" enough for them.

It's possible that with Murray's signature-per-MIME-part technique we
could get finer distinctions, but that really requires support from
MUAs that I expect Emacs/Gnus will have a Day 0 implementation for,
while GMail and Outlook may never implement.  I.e., don't hold your
breath.

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
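
An added example, not part of the message above: the difference between a full-body signature and one carrying l=<actual length>, shown on the DKIM body hash (bh=) with RFC 6376 "simple" body canonicalization. The function names and the sample body and footer are constructed for illustration.

```python
import base64
import hashlib
from typing import Optional, Tuple


def canon_simple(body: bytes) -> bytes:
    """RFC 6376 'simple' body canonicalization: ignore trailing empty
    lines and make sure the body ends with exactly one CRLF."""
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return body


def body_hash(body: bytes, l: Optional[int] = None) -> str:
    """Compute the bh= value (SHA-256, base64). With l=, only the first
    l octets of the canonicalized body are hashed."""
    data = canon_simple(body)
    if l is not None:
        if l > len(data):
            raise ValueError("l= exceeds canonicalized body length")
        data = data[:l]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def coverage(body: bytes, l: Optional[int]) -> Tuple[int, int]:
    """Return (signed_octets, unsigned_octets) for the body as received."""
    total = len(canon_simple(body))
    signed = total if l is None else min(l, total)
    return signed, total - signed


# Constructed sample: an originator body and a footer added by a mediator.
ORIGINAL = b"Please, no.\r\n"
FOOTER = b"_______\r\ndmarc mailing list\r\n"
RELAYED = ORIGINAL + FOOTER
L_TAG = len(canon_simple(ORIGINAL))  # the "l=<actual length>" case

if __name__ == "__main__":
    # Full-body signature: the added footer changes bh, so verification fails.
    print("full body survives relay:", body_hash(ORIGINAL) == body_hash(RELAYED))
    # l= signature: bh still matches, but the footer octets are unsigned.
    print("l= survives relay:", body_hash(ORIGINAL, L_TAG) == body_hash(RELAYED, L_TAG))
    print("signed/unsigned octets:", coverage(RELAYED, L_TAG))
```

A verifier that reports the unsigned octet count alongside the pass result lets the receiver decide whether that coverage is "full" enough.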
