I'm starting a separate thread for the considered intro text discussion. This response attempts to provide DKIM in-scope justification why two additional outputs should be part of a more "DKIM Complete Output" summary.
Murray S. Kucherawy wrote: > That's probably true, but that is also completely different > from necessitating a change to the mandatory output. Maybe this is about "DKIM Output Complete " rather to redundant burn in of what is mandatory. Everyone already knows SDID is a mandatory output for trust based assessor. The proposed text did say other outputs are possible, but I believe there is a minimal set of in-scope outputs that we know are useful bits of information because of what implementators are showing. Let me use ODID (Originating Domain Identity) to help describe this. I believe we have four minimal in-scope outputs that is consistent with the DKIM Service Architecture (RFC5585), Identity Assessor Layers and Reporting recommendations. RCODE result code) SDID d=, described as a MUST for (trust) assessors AUID i=, described as a MAY for assessors ODID Domain part of From: address. There is nothing new here and I believe satisfies IETF protocol design, bis work and DS considerations. It reflects current implementations, doesn't change code and definitely helps future implementors. Justifying ODID is simple: The ODID is an optional requirement in the complete software engineering design described in the DKIM Service Architecture [RFC5585]. While ODID is an optional consideration for implementors to support the Checking Signing Practices (ADSP) module, it is nonetheless part of the RFC described DKIM Service Architecture. Therefore for RFC4871bis to be consistent with RFC5585, it needs to explicitly expose the ODID as part of the DKIM Complete Output. Justifying AUID is simple as well. Dave's MLM shows an A-R (using Thomas's list post): Authentication-Results: sbh17.songbird.com; dkim=pass (1024-bit key) header.i=m...@mtcc.com It only shows the AUID. This suggest existing implementations are using the DKIM recommended A-R reporting method and needs the AUID as part of a DKIM Complete Outputs. -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html