On Tue, October 13, 2009 09:58, Tom Kistner wrote:
> I finally added DKIM documentation to the spec. We can release now :)
Aren't there are other bugs that should be fixed in a 4.70 release?
http://bugs.exim.org/show_bug.cgi?id=894
http://bugs.exim.org/show_bug.cgi?id=890 <-- this one is in DKIM
Also, where is the proof that the DKIM code is correct?
All I can see is some "sign this" and "verify that" sample code.
Both DK and PDKIM are complex. There may be differences in
implementations for some cases (both From and Sender present, etc.).
When a signed email fails to validate, is it the fault of the sender
or recipient's DKIM processing?
Invalid signatures and any verification bugs will cause problems
for both sender and recipient that may go undetected.
--
Simon Arlott