MBOX-Line: From johnl-imap at iecc.com Fri Mar 13 14:16:00 2015
To: imap-protocol@u.washington.edu
From: John Levine <johnl-imap@iecc.com>
Date: Fri Jun 8 12:34:54 2018
Subject: [Imap-protocol] DKIM signatures on this list
In-Reply-To: <CAKHUCzxeUeM2YBqCryov4pfEVfZvaHd-KsacMbiURQ+NGWVHvA@mail.gmail.com>
Message-ID: <20150313211600.25485.qmail@ary.lan>

>> The point of a signature is to have a way of verification of the message
>> as sent and received. If "you" received a message from your boss saying "I
>> approve that you spend ten thousand dollars in the company party" and the
>> signature of such message would not validate, that would certainly not be a
>> situation where "you" would say "the correct thing to do is to ignore it."

RFC 6376 is quite clear about what you do with an invalid DKIM
signature -- you ignore it, as though the signature wasn't there at
all. We deliberately wrote it that way.

It's fine to treat mail with valid signatures differently from mail
without valid signatures, but it's not fine to treat mail with an
invalid signature differently from mail with no signature. That's why
you shouldn't depend on lists to strip the signatures they break.

I would have hoped that people interested enough in mail software to
be on this list would go to the effort to read and understand the
specs they implement.

R's,
John
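
The rule argued in the message above, as an added example that is not part of the original message or of any mail software: a receiver-side filter whose only DKIM input is the set of domains with a passing signature, so a signature broken in transit and no signature at all produce the same input. The Authentication-Results strings (RFC 8601 style), the host and domain names, and the function names are constructed for illustration, and the parser is simplified.

```python
import re

# Constructed sample Authentication-Results values (not from real mail).
SAMPLES = {
    "valid": "mx.example.net; dkim=pass header.d=example.org header.s=sel1",
    "broken_by_list": "mx.example.net; dkim=fail (body hash did not verify) "
                      "header.d=example.org",
    "unsigned": "mx.example.net; dkim=none",
    "broken_plus_list_sig": "mx.example.net; dkim=fail header.d=example.org; "
                            "dkim=pass header.d=lists.example.com",
}

# One "dkim=<result> <properties>" clause; clauses are separated by ';'.
_DKIM_CLAUSE = re.compile(r"\bdkim\s*=\s*([a-z]+)([^;]*)", re.I)
_SIGNING_DOMAIN = re.compile(r"\bheader\.d\s*=\s*([^\s;]+)", re.I)


def valid_signers(auth_results: str) -> frozenset:
    """Return the d= domains whose signature verified.

    Any other result (fail, none, neutral, policy, temperror, permerror)
    contributes nothing, so a broken signature is indistinguishable from
    an absent one by the time policy code sees the message.
    """
    signers = set()
    for result, props in _DKIM_CLAUSE.findall(auth_results):
        if result.lower() != "pass":
            continue  # ignored, as though the signature were not there
        match = _SIGNING_DOMAIN.search(props)
        if match:
            signers.add(match.group(1).lower())
    return frozenset(signers)


def disposition(auth_results: str, trusted: frozenset) -> str:
    """Hypothetical local policy: mail gains credit only from a valid
    signature by a trusted domain; nothing is ever lost for a bad one."""
    if valid_signers(auth_results) & trusted:
        return "trusted-signer"
    return "unverified"


if __name__ == "__main__":
    trusted = frozenset({"example.org"})
    for name, header in SAMPLES.items():
        print(f"{name:22} {disposition(header, trusted)}")
```

Only the first sample is classified as trusted-signer; the broken, unsigned and list-re-signed samples all land in the same unverified class.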