Murray S. Kucherawy wrote: >> -----Original Message----- > The only utility in revealing failed signature information is forensics. > That sort of debugging function doesn't need to go in a protocol > specification.
-1. It is not a debugging function. It is about security (RFC4686) and deployments considerations (RFC5863, see Section 7.3). >> As the From: address is mandatory input for the signature, it may be a >> logical step to also make it mandatory in the output? > > Given the above, do we still need to? To be more DKIM Mail Integration Consistent and Complete - yes. See RFC5585 Figure 1 DKIM Service Architecture. The AUID is needed for the major CSP (Checking Signing Practice) black box flow in the DKIM design. -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
