Hector Santos wrote:
----- Original Message -----
From: "Stephen Farrell" <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>
To: <ietf-dkim(_at_)mipassoc(_dot_)org>
Folks,
If there are other things Mike should be doing with reqs-01 that
haven't been said on the list, now is probably a good time to
raise them (in a new thread).
I'm taking your off list advice and posting this here:
[Offlist]
Hector wrote:
My only concern about all this is that the process has been hijacked
by those who believe a REPUTATION LAYER is the only solution to be
used with DKIM-BASE. I'm afraid the requirements will be written in a
way to water down any strong SSP consideration. Evidence of that is req
#10 and the provisional considerations that the authors themselves
don't believe in.
Speaking as all of the authors in question:
10. [PROVISIONAL] A domain holder MUST be able to publish a Practice
which enumerates the acceptable cryptographic algorithms for
signatures purportedly from that domain.
[INFORMATIVE NOTE: this is to counter a bid down attack; some
comments indicated that this need only be done if the
algorithm was considered suspect by the receiver; I'm not
sure that I've captured that nuance correctly]
I'm sure that I have no clue as to what nefarious intentions um, we,
had in mind here. As always, it would be helpful to be specific about
actual wording changes and/or showing wide support for new requirements.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html