On 7/21/2012 9:50 PM, Murray S. Kucherawy wrote:
> That customer brought up an interesting point. "t=y" could also be
> useful for messages whose signatures do verify. Specifically, it could
> be used by a signer to say "It's possible this message shouldn't have
> been signed by us. Please don't give it any preferential treatment
> based on our name's reputation if the signature verifies, which could
> then tarnish our reputation."

When Murray and I talked, I didn't review the existing text. Having just done that:

> t= Flags, represented as a colon-separated list of names (plain-
>    text; OPTIONAL, default is no flags set). Unrecognized flags MUST
>    be ignored. The defined flags are as follows:
>
>    y This domain is testing DKIM. Verifiers MUST NOT treat messages
>      from Signers in testing mode differently from unsigned email,
>      even should the signature fail to verify. Verifiers MAY wish
>      to track testing mode results to assist the Signer.

I see that its semantics already cover the case that is being discussed, specifically with the core clause:

   "Verifiers MUST NOT treat messages from Signers in testing mode differently from unsigned email,..."

That any reader does not readily see this suggests to me that some clarification language would be useful to apply, as well as an annotation about report.

The clarification attempted in the remainder of that sentence appears to cause readers to think that successful verification is excluded!

Here are two small tweaks that might correct things:

   y This domain is testing DKIM. Verifiers MUST NOT treat messages
     from Signers in testing mode differently from unsigned email.
     This covers both successful and failed verification. Verifiers
     MAY wish to track and report testing mode results to assist
     the Signer.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
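
The following is an added illustration, not part of the original message and not taken from any DKIM implementation: a sketch of how a verifier could apply the reading discussed above, where `t=y` leads to "unsigned" treatment whether the signature verifies or fails. The function names, the treatment labels and the key records are constructed for the example.

```python
# Added example: handling of the t= flags in a DKIM key record.
# Names and return labels are assumptions made for illustration.

# Flags defined for the key record "t=" tag in RFC 6376.
KNOWN_FLAGS = {"y", "s"}


def parse_tag_list(record):
    """Split a key record into a {tag: value} dict (tags separated by ';')."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue  # trailing ';' or malformed fragment
        name, value = part.split("=", 1)  # base64 values may contain '='
        tags[name.strip()] = value.strip()
    return tags


def key_flags(record):
    """Return the recognized flags from t=, a colon-separated list."""
    raw = parse_tag_list(record).get("t", "")  # default: no flags set
    flags = {f.strip() for f in raw.split(":") if f.strip()}
    return flags & KNOWN_FLAGS  # unrecognized flags are ignored


def treatment(record, signature_verified):
    """Return (treatment, track_for_signer) for one signature.

    With t=y the message is handled as unsigned email for BOTH
    outcomes, and the result may be tracked to assist the Signer.
    """
    if "y" in key_flags(record):
        return ("unsigned", True)
    return ("verified" if signature_verified else "unsigned", False)


if __name__ == "__main__":
    # Constructed key records; the p= values are placeholders.
    testing = "v=DKIM1; k=rsa; t=y:x-future; p=CONSTRUCTEDKEY=="
    normal = "v=DKIM1; k=rsa; p=CONSTRUCTEDKEY=="
    for rec in (testing, normal):
        for ok in (True, False):
            print(sorted(key_flags(rec)), ok, treatment(rec, ok))
```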