Douglas Otis wrote:
On Mar 3, 2007, at 11:53 PM, John L wrote:
When two options are possible, knowing whether the signer's algorithm
for the message has been downgraded.
The only two options of any importance to a receiver are "has a valid
signature" or "doesn't have a valid signature." No amount of sender
policy blather about allegedly upgraded, downgraded, or sidegraded
signing algorithms makes any difference.
There will be questions about whether a message is abusively being
replayed. There may be questions about what email-address is assured.
Assurances could become problematic when the signing domains and the
email addresses are expressed differently.
Doug,
This isn't a debating society. Please don't continue to try drag us
back to arguments that were settled months ago. (You're not the
only one, but the above paragraph is a very good example;-)
S.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html