> > That this is not in 4871 seems to be mostly a WG assumption that > > should be made explicit. > > I think several of us thought it was in there, but on review it apparently > was indeed lost somewhere along the way. We've certainly, as I understand > it, been proceeding from that assumption for a very long time. > > I like the idea of saying so explicitly in 4871bis, and applying it both to > signers and to verifiers.
Agreed. Though frankly I couldn't care less about signers. It's always the verifier that really counts. > I don't like the idea of being any more specific than that. That > is, I don't want to create specific text for specific cases we know > about because that means anything we don't list could be perceived > as less critical. A blanket admonishment to implementers is > sufficient and appropriate. Right. We could attempt to enumerate the 1,000 edge-cases we know today and then re-bis 4871 for the additional 1,000 edge-cases we learn tomorrow, or we could simply say that invalid 2822 messages MUST never verify and call it a day. Mark. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html