Stephen,
-----Original Message-----
From: Stephen Farrell
[mailto:stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie]
Sent: Thursday, November 17, 2005 2:36 AM
To: Jim Schaad
Cc: 'Barry Leiba'; 'IETF DKIM WG'
Subject: Re: [ietf-dkim] DKIM Charter Comments
Hi Jim,
Jim Schaad wrote:
I have the following comments on the draft charter:
1. The second paragraph has the sentence:
The DKIM working group will also produce security requirements to
guide their efforts, and will analyze the impact on senders and
receivers who are not using DKIM, particularly any cases in which mail
may be inappropriately labeled as suspicious or spoofed.
I don't understand what the last clause has to do with people who are
not using DKIM. If they are not using DKIM then mail could not be
labeled as suspicious or spoofed. I assume that this should read:
The DKIM working group will also produce security requirements to
guide their efforts. This will include the impact of sending domains
that are not using DKIM (mail may be inappropriately labeled as
suspicious or spoofed by receiving domains that use DKIM).
Additionally it will include the impact of receiving domains that are
not using DKIM (**** what is an example attack or problem????****).
Hmm. Not sure that I prefer that. I think the current text
means that we have to care if dkim (+/- ssp) causes some
receiver to say "this is spoofed" far too easily, just
because of how we've structured dkim (and ssp in particular).
You may be right that there's no example for receiving
domains not using DKIM, but I don't think the charter has to say that.
I have no problems if that is what you want to say -- that we need to look
at this, but in that case I still think that the paragraph needs to be
re-written as the case of spoofed mail is dependent on the not using DKIM
clause.
Perhaps:
The DKIM ... This will include looking at 1) interactions with domains which
are not using DKIM (sending and receiving), 2) inappropriate labeling of
mail as spoofed or suspicious due to interactions of DKIM with other
systems.
jim
2. Formatting issue -- is paragraph 3 really three paragraphs or just
three sentences within a single paragraph?
3. On the deliverables I would like to see the first deliverable moved
to the end of the list (to match the order of milestones). It makes
the tracking between the two lists simpler.
I'm happy to let Barry take those editorials.
4. It is not clear to me that you can separate the development of the
DNS RR from the base specification. My assumption is that the base
specification is stating how the addressing of the DNS RR is to be
done and to effectively specify the content. It makes more sense to
me to pull each of the different DNS RR's into the respective documents.
That's a fair enough point and one that Dave Crocker's mail
from today also tackles. I personally don't know if changing
this would be better or would just add delay with no real
benefit, but I'm interested in hearing opinions.
Stephen.
_______________________________________________
ietf-dkim mailing list
http://dkim.org