[sticking with Murray's subject line so as not to create two thread breakages!]
On 10/12/10 11:29 PM, Murray S. Kucherawy wrote: >> -----Original Message----- >> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] >> On Behalf Of Jim Fenton >> Sent: Tuesday, October 12, 2010 9:53 PM >> To: IETF DKIM WG >> Subject: [ietf-dkim] Last call comment: Changing the g= definition >> >> Between June 1 and September 1, 2010, Cisco received invalid signatures >> from 632 domains with "inapplicable keys" (meaning a g= mismatch). For >> comparison, during that same period we received valid signatures from >> 33054 domains. [...] > We don't track selector names, but our numbers are for the last six weeks, > during which time we saw 18198 unique signing domains and 370 unique domains > that sent signatures which failed due to the same cause. Very similar data. > >> Going back to the proposed change, it would create an ambiguity in the >> spec: If a domain has a selector record with g=; and no v= tag, the >> verifier MAY return a pass result. Or it MAY return a fail result. We >> don't know what to expect; the result is undefined. Signers are not >> well-served by mechanisms that don't consistently work. > We're talking about a DomainKeys signer here though, not a DKIM signer. > Since we're trying to be accommodating to a protocol DKIM ultimately > replaced, does it still create a problem? I don't have any data on how many messages had DK signatures as well as DKIM signatures, but at least some do (I checked some I received). I don't quite understand your question. The ambiguity that is created has to do with the DKIM result, not the DK result. -Jim _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
