ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit

2006-04-18 17:01:29

On Apr 18, 2006, at 4:10 PM, Stephen Farrell wrote:

Douglas Otis wrote:

The duration of the signature should cover the "expected" distribution of transit times for a message from the originator to recipient.

Sure. Can you get us the peer reviewed stats so we can remove those quotes from "expected"?

I certainly don't have 'em, and in the absence of such real, agreed- upon information I think we're just wasting time speculating.

Section 5.2 in the base draft makes an _unsupported_ speculation about adequate key availability. The transit period should extend beyond norms for SMTP, as indicated in other places within the this Base and the Threat draft, when describing MUA signing and verification.


There are recent mails talking about "months later", those discussions are not, IMO, in scope and are significantly distracting.

Deciding whether other transports beyond SMTP might expect protection by DKIM message verification could be productive without too much distraction.

DKIM is to be used for:

1) SMTP only
   Starting at the MSA and ending at the MDA mailbox.

2) SMTP + other transports
Starting at the originator and ending when first viewed by the recipient.

-Doug


_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>