On Wed, 2008-06-25 at 13:13 -0400, J D Falk wrote:

> On 19/06/2008 18:28, "Murray S. Kucherawy" <[EMAIL PROTECTED]> wrote:
> 
> >> My theory is that DKIM only applies to valid 2822 messages, and it's not
> >> a substitute for a sanity check for all the screwy things one can send
> >> in a non-conformant message.  Perhaps it would be a good idea someday to
> >> collect experience and advice into an implementation guide, but other
> >> than that, it's not our problem.  Agreed?
> >
> > +1,
> 
> +1
> 
> > and I would go even further to say that we should have an errata item
> > against RFC4871 which says we should add that DKIM presumes a
> > properly-formed RFC2822-style message, and that its application to other
> > messages produces undefined results.
> 
> +1




Erm, surely a verifying mechanism's response to any non-verifiable
message must be _defined_ to be "non-verifiable". It would seem that a
verifying mechanism is completely useless if there exists _any_ input
which elicits an undefined response; in all cases the rule must be
"answer verified if verification is successful, non-verifiable
otherwise".

This doesn't mean that the ADSP spec (or even the DKIM spec) needs to
add specificity or remove ambiguity in the underlying specs, but ADSP
and DKIM certainly can't include permission to provide random responses
to verification attempts of malformed messages; the rule must be that if
a message is malformed to the extent that DKIM is affected, verification
must be defined to fail (not turn undefined).

No?

- Roland



-- 
  Roland Turner | Product Manager, RealMail | BoxSentry Pte Ltd
  3 Phillip Street, #13-03 Commerce Point, Singapore 048693
  Mob: +65 96700022 | Skype: roland.turner | Fax. +65 65365463
  [EMAIL PROTECTED] | www.boxsentry.com

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
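
The rule argued for in the message above ("answer verified if verification is successful, non-verifiable otherwise") can be sketched as a total function. This is an added example, not code from the thread or from any DKIM implementation. `check_signature` is a hypothetical callable standing in for the cryptographic DKIM check, and the structural tests cover only the RFC 2822 section 3.6 header-count limits.

```python
import email
from collections import Counter

# Header fields that RFC 2822 section 3.6 allows at most once per message.
SINGLETON = frozenset({"from", "sender", "reply-to", "to", "cc", "bcc", "date",
                       "message-id", "in-reply-to", "references", "subject"})
# Header fields that RFC 2822 section 3.6 requires exactly once.
REQUIRED = ("from", "date")


def structural_defects(raw):
    """Return the reasons a raw message is malformed in ways that affect signing."""
    msg = email.message_from_bytes(raw)
    # Defects the standard-library parser recorded (e.g. a missing header/body break).
    reasons = [type(d).__name__ for d in msg.defects]
    counts = Counter(name.lower() for name in msg.keys())
    reasons += ["missing " + h for h in REQUIRED if counts[h] == 0]
    reasons += ["duplicate " + h for h in sorted(SINGLETON) if counts[h] > 1]
    return reasons


def verify(raw, check_signature):
    """Map every possible input to exactly one of two defined answers.

    check_signature is an assumed callable (hypothetical, not a real library
    API) that returns True only when the DKIM signature validates.
    """
    try:
        if structural_defects(raw):
            return "non-verifiable"      # malformed input: defined failure
        if check_signature(raw) is True:
            return "verified"
        return "non-verifiable"          # bad, missing or unusable signature
    except Exception:
        return "non-verifiable"          # parser or verifier error: still defined


# Constructed sample messages (not taken from the thread).
GOOD = (b"From: a@example.com\r\nDate: Wed, 25 Jun 2008 13:13:00 -0400\r\n"
        b"Subject: hi\r\n\r\nbody\r\n")
DUP_FROM = (b"From: a@example.com\r\nFrom: b@example.net\r\n"
            b"Date: Wed, 25 Jun 2008 13:13:00 -0400\r\n\r\nbody\r\n")

if __name__ == "__main__":
    print(verify(GOOD, lambda m: True))
    print(verify(DUP_FROM, lambda m: True), structural_defects(DUP_FROM))
```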
