> It should be perfectly fine to say DKIM expects valid input, for 
> whatever definition of that we want to invent, and also state that 
> handing it anything else has either undefined results or specific bad 
> results.

We seem to be talking past each other here.

I don't see anyone proposing a deep dive into 5322 validation.  But 4871 
already says you MUST sign the From: header.  Why is that OK, but saying 
you MUST NOT sign or validate something with two From: headers is not? 
We're not suggesting anything that would invalidate existing bits on the 
wire, after all.

DKIM is full of layer violations where it tells people how to sign and 
verify robustly. Sec. 5.3 tells signers to downcode 8-bit MIME, 6.1.2 has 
some fairly dubious assumptions about the structure of the DNS, 6.1.3 even 
tells verifiers to rewrite MIME separators.

This seems an odd place to draw a line in the sand, and an unfortunate one 
if you believe that an important use of DKIM should be to whitelist mail 
from trusted signers.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
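
The check argued for in the message above, as an added example (not part of the original post and not code from any DKIM implementation): refuse to sign or verify unless there is exactly one From: field. It also shows why the check matters: DKIM selects repeated header fields from the bottom up, so a single `from` entry in h= covers only the last instance. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes
from email.policy import compat32


def header_instances(raw: bytes, name: str) -> list[str]:
    """All values of header `name`, top to bottom, as they appear on the wire."""
    msg = message_from_bytes(raw, policy=compat32)
    return msg.get_all(name, [])


def covered_by_h(raw: bytes, h_tag: str, name: str) -> tuple[list[str], list[str]]:
    """Split the instances of `name` into (signed, unsigned) for a given h= tag.

    Each h= entry is matched against header instances from the bottom up,
    so k entries naming `name` cover the last k instances.
    """
    instances = header_instances(raw, name)
    k = sum(1 for h in h_tag.split(":") if h.strip().lower() == name.lower())
    split = len(instances) - min(k, len(instances))
    return instances[split:], instances[:split]


def precheck(raw: bytes) -> tuple[bool, str]:
    """Policy check run before signing or verifying: exactly one From: field."""
    n = len(header_instances(raw, "From"))
    if n != 1:
        return False, f"{n} From: header fields; refusing to sign or verify"
    return True, "ok"


# Constructed sample message with two From: fields (not real traffic).
SAMPLE = (
    b"From: First <first@a.example>\r\n"
    b"From: Second <second@b.example>\r\n"
    b"To: rcpt@c.example\r\n"
    b"Subject: constructed sample\r\n"
    b"\r\n"
    b"body\r\n"
)

if __name__ == "__main__":
    print(precheck(SAMPLE))
    signed, unsigned = covered_by_h(SAMPLE, "from:to:subject", "From")
    print("covered by h=:", signed)
    print("not covered:  ", unsigned)
```
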
