Eric Allman wrote:
>
> --On November 8, 2006 12:05:07 AM +0200 Pekka Savola
> <pekkas@xxxxxxxxxx> wrote:
>
>> ==> what is the expected verifier's behaviour if one or more of
>> these MUST/MUST NOTs doesn't hold? AFAICS, that hasn't been
>> specified, at least not very clearly. Should it be?
>
> This is already covered in (e.g.) 6.1.1:
>
>    Implementers MUST meticulously validate the format and values
>    in the DKIM-Signature header field; any inconsistency or
>    unexpected values MUST cause the header field to be
>    completely ignored and the verifier to return PERMFAIL
>    (signature syntax error). Being "liberal in what you accept"
>    is definitely a bad strategy in this security context.

One clarification to this for Pekka, in case he missed it:

Section 3.2:
    Unrecognized tags MUST be ignored.

    Tony Hansen
    tony@xxxxxxx
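
The two rules quoted in this thread (return PERMFAIL for any inconsistency in the DKIM-Signature field, yet ignore unrecognized tags) can coexist in one parser. The sketch below is an added example, not part of the original message or of any DKIM implementation; the function name `parse_dkim_signature`, the tag-name sets (taken from RFC 6376 section 3.5), the version check and the sample header values are assumptions constructed for illustration.

```python
import re

# Assumption: tag names as defined for DKIM-Signature in RFC 6376 section 3.5;
# the thread itself discusses the earlier draft and does not list them.
REQUIRED = {"v", "a", "b", "bh", "d", "h", "s"}
KNOWN = REQUIRED | {"c", "i", "l", "q", "t", "x", "z"}
TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*")


def parse_dkim_signature(value):
    """Hypothetical helper: return ("OK", tags) or ("PERMFAIL", reason)."""
    specs = value.split(";")
    if specs[-1].strip() == "":
        specs.pop()  # one trailing ";" is permitted by the tag-list syntax
    seen, tags = set(), {}
    for spec in specs:
        name, sep, val = spec.partition("=")
        name = name.strip()
        if not sep or not TAG_NAME.fullmatch(name):
            return "PERMFAIL", "signature syntax error"
        if name in seen:  # duplicates invalidate the whole tag list
            return "PERMFAIL", "duplicate tag: " + name
        seen.add(name)
        if name in KNOWN:  # unrecognized tags are ignored, not rejected
            tags[name] = "".join(val.split())  # drop folding whitespace (simplified)
    missing = REQUIRED - tags.keys()
    if missing:
        return "PERMFAIL", "missing required tag: " + ",".join(sorted(missing))
    if tags["v"] != "1":  # assumption: version value from RFC 6376
        return "PERMFAIL", "unsupported version"
    return "OK", tags


# Constructed sample values, not taken from a real message.
GOOD = ("v=1; a=rsa-sha256; d=example.com; s=sel; h=from:to; "
        "bh=AAAA=; b=BBBB==; zz=from-a-future-spec;")
DUPLICATE = GOOD + " d=other.example"
NO_BODY_HASH = GOOD.replace("bh=AAAA=; ", "")
MALFORMED = GOOD.replace("s=sel", "s sel")

if __name__ == "__main__":
    for sample in (GOOD, DUPLICATE, NO_BODY_HASH, MALFORMED):
        print(parse_dkim_signature(sample)[0])
```

Only the unknown `zz` tag is tolerated; the duplicate, missing-tag and malformed cases all fail closed, which is the distinction the thread draws between forward compatibility and being "liberal in what you accept".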