On Sep 21, 2006, at 3:53 PM, Michael Thomas wrote:
o DKIM Strict: the state where the domain holder believes that all
  legitimate mail purportedly from the domain are sent with a
  valid DKIM signature and that non-compliant services are avoided.
What is difficult to understand with this definition? Is a
definition needed for non-compliant services?
How does this differ from scenario #1?
Note that DKIM Strict is not currently defined, but should be.
Another point is that to avoid a serious security issue, there must
be different states that can be asserted for Scenario 4.1 and 4.2.
It is also not apparent what differentiates Scenario 4.1 and 4.2.
The requirements draft currently only defines "DKIM Signer
Complete." If you review the definition for "DKIM Strict" the phrase
"and that non-compliant services are avoided" has been added to the
definition of "DKIM Signer Complete". What specifically do you find
confusing about these definitions?
Perhaps these definitions might help.

o DKIM Friendly: a system, subsystem, or service that does not
  render an existing message's DKIM signature invalid.

o DKIM Strict: the state where the domain holder believes that all
  legitimate mail purportedly from the domain are sent with a
  valid DKIM signature [and all services that are not DKIM Friendly
  are also avoided.]

Use scenarios are clarified by indicating when different states are
applicable. You may have noticed a number of comments in this regard.
In 5.3. Practice and Expectation Requirements
There should also be a statement added:

n. The Protocol MUST be able to publish a Practice that the
   domain's signing behavior is "DKIM Strict"

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html