On 2/18/23 8:13 PM, Murray S. Kucherawy wrote:
> On Sat, Feb 18, 2023 at 12:10 PM Michael Thomas <m...@mtcc.com> wrote:
>
> > > Beyond this SHOULD, I think we need to consider whether the
> > > caller needs to be told specifically when a failure occurs for
> > > this reason. Right now an implementation might return just a
> > > PERMFAIL without noting that it's because of "x=" versus the
> > > signature failing for some other reason. Should the caller be
> > > given this extra detail to enhance the decision tree, or will
> > > this just complicate things?
> >
> > Why would it permfail? Does it permfail email without a signature too?
> > Absent p=reject, there is nothing wrong with unsigned email.
>
> I'm using the language of the DKIM RFC, so "PERMFAIL" here refers to
> evaluation of the signature, not of the message.

But DKIM doesn't return status to anybody. That's completely internal to
the verifier. At most they might want to create an A-R, but that isn't
required and it's definitely not sent back to the sender.
Mike
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim