ietf-dkim

Re: [ietf-dkim] New issue: base-00 3.5 x= (was: testing Message Corpus& question for base spec)

2006-02-11 12:58:17

----- Original Message -----
From: "Frank Ellermann" <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de>

Douglas Otis wrote:

 [base-00 3.5 x=]
The MUST in the draft may be a bit harsh.

Yes, s/MUST/SHOULD/ makes sense, e.g. if a MUA behind IMAP
wants to check signatures.

And what if they do not?  What if it isn't behind IMAP?  Maybe it's an
online web mail system or just good old POP3 or both?

I personally don't have a problem with a change to a "SHOULD" or "MAY"
recommendation, but rest assured, this (bad expiration) will be one of
many guaranteed forms of exploitation.  So a relaxation should be coupled
with a hindsight about the highly probable consequences of passing the
buck of bad or expired keys to the user.

All an X= relaxation does is put added pressures at various points in
the system.

Also, there might be an indirect association between this section and the
threat 4.1.10 "use of revoked keys" and DNS TTL timing issues.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
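
The MUST versus SHOULD question in this thread, as an added example that is not part of the original message or of the draft: the same signature is checked at delivery time and again days later by a client reading stored mail. It assumes x= holds seconds since the Unix epoch, as in the published DKIM specification; the header, the result labels and the function names are constructed for illustration.

```python
import re

# Constructed sample header value: signed at t=, expires 24 hours later at x=.
SAMPLE = ("a=rsa-sha1; d=example.com; s=sel1; c=simple; t=1139600000;\r\n"
          "\tx=1139686400; h=from:to:subject; b=Q09OU1RSVUNURUQ=")

def parse_tags(header_value):
    """Split a DKIM-Signature tag=value list into a dict, removing folding whitespace."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def check_expiration(header_value, verify_time, strict=True):
    """Evaluate the x= tag at verify_time (seconds since the epoch).

    strict=True models the draft's MUST: an expired signature fails.
    strict=False models the proposed SHOULD/MAY: the expired state is only
    reported, and whoever consumes the result has to decide what it means.
    Returns a (result, reason) tuple; the result labels are hypothetical.
    """
    tags = parse_tags(header_value)
    if "x" not in tags:
        return ("continue", "no x= tag; signature does not expire")
    if not re.fullmatch(r"[0-9]+", tags["x"]):
        return ("fail", "malformed x= value")
    expires = int(tags["x"])
    if verify_time <= expires:
        return ("continue", "within signature lifetime")
    reason = f"expired {verify_time - expires}s before verification"
    return ("fail", reason) if strict else ("expired-not-enforced", reason)

if __name__ == "__main__":
    signed = int(parse_tags(SAMPLE)["t"])
    at_delivery = signed + 60          # receiving MTA checks on arrival
    at_read = signed + 3 * 86400       # MUA checks stored mail three days later
    print("MTA, MUST  :", check_expiration(SAMPLE, at_delivery))
    print("MUA, MUST  :", check_expiration(SAMPLE, at_read))
    print("MUA, SHOULD:", check_expiration(SAMPLE, at_read, strict=False))
```

Under the relaxed setting the late check returns a third state that is neither pass nor fail, so the receiving software or the user ends up owning the decision.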

_______________________________________________
NOTE WELL: This list operates according to 
http://dkim.org/ietf-list-rules.html
