ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Proposal: get rid of x=

2006-04-11 16:17:29
Paul Hoffman wrote:
At 7:46 AM -0700 4/11/06, Michael Thomas wrote:
Further, section 6.4 makes no sense and has to be eliminated or seriously re-written. You can't put a header in a message for a fact that will become untrue in the future. The semantics of such a header will need to be changed to "This signature is valid when this header was created, but will become invalid at time xyz".

I'm having a hard time understanding the hand wringing here. This
can happen at _any_ time if you remove the selector from the DNS
too. So what?

As far as I can tell, the only thing that needs to be "rewritten"
is to mention x= in the step-by-step.

Further, section 6.5 will have to be re-written as well to say that when passing the signature validation information to higher-level processes, they will need to come with the time after which the signature is no longer valid.

Section 6.5 says in its entirety:

  "verifiers MUST consult the Sender Signing Policy as described in [ID-
   DKIM-SSP] and act accordingly.  The range of possibilities is up to
   the verifier, but it MAY include rejecting the email."

If there's a problem here it's that it doesn't enumerate all of the
outputs of the verification process. x= is only a small part of
those outputs.

There are probably more silly states related to x= in the document as well. They will need to be fixed before the document can be considered to be finished.

If there are "silly states", they apply equally to removing a selector
from the DNS. So removing x= from the spec does not relieve us of that
exercise.

                Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html