In message <cacfbkehfge6+pg6rwkvf2skdyaqyqlg1bh4pyrowr3ekgfe...@mail.gmail.com>, Allen Robinson <arobins=40google....@dmarc.ietf.org> writes

>DKIM2 is an authentication mechanism. I think it would be difficult to
>justify an authentication protocol dictating how systems should handle
>messages that do not pass authentication checks. Local policy may indeed
>evolve to state that DKIM2 unauthenticated == reject at some point in the
>future.

Note that it would not be proper to accept a message that failed DKIM2 validation and to then generate a DKIM2 DSN thereafter ... the "no backscatter" property of DKIM2 will not hold.

Similarly, if a message fails DKIM2 validation it would not be correct to forward it with your DKIM2 signature (systems further along would be able to tell you had done this and may ding your reputation accordingly).

So the protocol should be agnostic about your local policy as to whether or not you should accept the message -- but it can be quite firm about what you can do with the message thereafter (viz: nothing valid within the DKIM2 world).

Note that since systems that alter the message will record what they have done (and hence the message can be validated), there should be rather less reason than at present to consider it worthwhile to accept a message whose authentication fails ... I think that is contributory to what Todd is getting at...

-- 
richard                                             Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org