ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Re: dkim-base-01 nits and semi-nits

2006-05-03 11:13:52

On May 3, 2006, at 9:45 AM, Paul Hoffman wrote:

The process should track the number of attempts made verifying signatures for a message. This concern differs from "as if that signature were not present." Without a reasonable limit for the process, DKIM verification itself can become a threat.

-1; this is an edge-case that is not worth being discussed in the - base document.

While the base draft may not indicate what is considered to be too many signatures or verifications attempts, the language describing how an invalid signature is handled should still indicate that a limit SHOULD BE applied. The base draft does not need to be specific about the limit, but this is safety concern. The actual limited could be defined in some BCP.

-Doug

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html