On May 3, 2006, at 9:45 AM, Paul Hoffman wrote:
The process should track the number of attempts made verifying
signatures for a message. This concern differs from "as if that
signature were not present." Without a reasonable limit for the
process, DKIM verification itself can become a threat.
-1; this is an edge-case that is not worth being discussed in the
-base document.
While the base draft may not indicate what is considered to be too
many signatures or verification attempts, the language describing
how an invalid signature is handled should still indicate that a
limit SHOULD BE applied. The base draft does not need to be specific
about the limit, but this is a safety concern. The actual limit
could be defined in some BCP.
-Doug
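
An added example, not from this thread or from the DKIM draft, of the limit discussed above: a verifier loop that counts verification attempts per message and stops at a cap instead of evaluating every signature present. MAX_ATTEMPTS, Result, parse_tags, verify_bounded and the stand-in fake_verify are assumptions made for illustration; a real verifier would do the DNS key lookup and public-key check inside verify_one.

```python
from dataclasses import dataclass
from email import message_from_string

MAX_ATTEMPTS = 5  # assumed local policy; the thread leaves the number to a BCP

@dataclass
class Result:
    status: str    # "pass", "fail" (every signature tried was invalid) or "limit"
    attempts: int  # verifications actually performed
    skipped: int   # signatures present on the message but never evaluated

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def verify_bounded(raw_message, verify_one, max_attempts=MAX_ATTEMPTS):
    """Try signatures in header order; stop at the first pass or at the cap.

    verify_one(tags, msg) -> bool stands in for the expensive step
    (key lookup in DNS plus the public-key operation).
    """
    msg = message_from_string(raw_message)
    sigs = [parse_tags(v) for v in msg.get_all("DKIM-Signature", [])]
    attempts = 0
    for tags in sigs:
        if attempts >= max_attempts:
            return Result("limit", attempts, len(sigs) - attempts)
        attempts += 1
        if verify_one(tags, msg):
            return Result("pass", attempts, len(sigs) - attempts)
    return Result("fail", attempts, 0)

# Constructed sample: 40 invalid signatures ahead of one that the stand-in accepts.
JUNK = "".join(f"DKIM-Signature: v=1; d=junk{i}.example; s=x; b=AAAA\n" for i in range(40))
SAMPLE = JUNK + "DKIM-Signature: v=1; d=example.org; s=sel; b=QUJD\nFrom: a@example.org\n\nhi\n"

def fake_verify(tags, msg):  # stand-in verifier, no real crypto or DNS
    return tags.get("d") == "example.org"

if __name__ == "__main__":
    print(verify_bounded(SAMPLE, fake_verify))
```

The "limit" status is kept distinct from "fail" so that a receiver can tell a message whose signatures were all invalid from one whose signatures were not all examined.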