[ietf-dkim] New Issue: threats-01 over prescriptive about key delegation


4.1.2 says that delegates should generate key pairs and should send
signed public keys to the domain owner. There are a couple of problems
with this, if its really meant seriously.

Firstly, some domains might quite reasonably decide to do key
generation "at home" and e.g. to distribute private keys to delegates
on tamper resistent devices (e.g. USB sticks or whatever), so its
hard to justify the "should".  Same issue shows up with the signed
public keys - signed by whom, verified how, etc. are all questions
that would need to be answered before such a "should" (even lower
case) would be appropriate.

Second issue is that this document isn't the right one to specify
such solutions.

However, there's an easy fix: s/should/could/ twice and
s/minimize/reduce/ makes it all ok IMO.

Stephen.

_______________________________________________

NOTE WELL: This list operates according tohttp://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

[ietf-dkim] New Issue: bunch of nits on threats-01 document, Stephen Farrell

Next by Date:

Re: [ietf-dkim] New Issue: threats-01 over prescriptive about key delegation, Mark Delany

Previous by Thread:

[ietf-dkim] New Issue: bunch of nits on threats-01 document, Stephen Farrell

Next by Thread:

Re: [ietf-dkim] New Issue: threats-01 over prescriptive about key delegation, Mark Delany

Indexes:

[Date] [Thread] [Top] [All Lists]