On 12/4/2021 4:23 PM, Murray S. Kucherawy wrote:
DKIM, for example, allows verifiers to decide what an acceptable signature is (a favorite I remember from the early days was "I don't want to accept a DKIM signature that didn't cover the Subject field"), which again means one site's "pass" is another site's "fail".


I'm going to suggest that that analysis is not formally correct.

The DKIM specification precisely defines validation for the signature and it precisely defines what coverage is 'required'.

A receiver can indeed choose to apply stricter requirements, but a failure to satisfy these is NOT a DKIM fail. The extra requirements are outside the scope of the DKIM specification and therefore the failure has nothing to do with the standard.

This is not a minor point, but it does seem to be a common point of confusion.

d/

--
Dave Crocker
dcroc...@gmail.com
408.329.0791

Volunteer, Silicon Valley Chapter
Information & Planning Coordinator
American Red Cross
dave.crock...@redcross.org

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
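
An added illustration of the distinction drawn in the message above (not part of the original email and not code from any DKIM implementation): the DKIM verdict and a receiver's stricter coverage rule are computed and reported separately. The function names, the `crypto_ok` input (the signature and body-hash checks are assumed to be done elsewhere), and the sample header are assumptions made for this example.

```python
import re

# Constructed sample DKIM-Signature value; bh= and b= are placeholders, not real data.
SAMPLE = ("v=1; a=rsa-sha256; d=example.org; s=sel1; c=relaxed/relaxed;\r\n"
          "\th=From:To:Date:Message-ID; bh=PLACEHOLDER; b=PLACEHOLDER")

def parse_tags(value):
    """Split a DKIM-Signature tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for item in value.split(";"):
        name, sep, val = item.partition("=")  # first "=" only, so base64 padding survives
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def signed_fields(tags):
    """Lower-cased set of header field names listed in h=."""
    return {f.lower() for f in tags.get("h", "").split(":") if f}

def dkim_result(tags, crypto_ok):
    """Verdict under the DKIM specification alone."""
    if "from" not in signed_fields(tags):
        return "fail"  # RFC 6376 requires the From field to be covered by h=
    return "pass" if crypto_ok else "fail"

def local_policy_result(tags, extra_required):
    """Receiver-specific coverage rule; it sits outside the DKIM specification."""
    missing = {f.lower() for f in extra_required} - signed_fields(tags)
    return ("satisfied", []) if not missing else ("not satisfied", sorted(missing))

def evaluate(header_value, crypto_ok, extra_required=("Subject",)):
    """Return both verdicts side by side so neither is mistaken for the other."""
    tags = parse_tags(header_value)
    return {"dkim": dkim_result(tags, crypto_ok),
            "local_policy": local_policy_result(tags, extra_required)}

if __name__ == "__main__":
    # Subject is not in h=: the DKIM result is still "pass"; only the local rule is unmet.
    print(evaluate(SAMPLE, crypto_ok=True))
```

Logging the two fields separately keeps a local coverage rejection from being recorded, or reported to the sender, as a DKIM failure.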
