ietf-dkim

Re: [ietf-dkim] Base-02 //Deprecated Signature Version & New List

2006-06-25 05:50:27
On Sat, 2006-06-24 at 21:11 +0200, Dave Crocker wrote:

Barry Leiba wrote:
Douglas Otis said:
There remains the issue...

No, I'm not convinced we need to spend more time on it, I see no support
for the idea that we should, and I see several people saying we shouldn't.

In fact, at this point, raising the issue further is somewhere between sour
grapes and a DOS attempt.

This is not sour grapes, nor should the effort describing the concern
within an I-D be considered a type of DoS attack on the list.  The
intent was just the opposite. This next I-D offers a much simpler
solution from the prior suggestion.

http://www.sonic.net/~dougotis/id/draft-otis-dkim-security-concerns-01.html
http://www.sonic.net/~dougotis/id/draft-otis-dkim-security-concerns-01.txt

There does appear to be an important error that describes the handling
of a deprecated signature as that of an obsolete signature.  This makes
for a rather sharp and pronounced transition.  Full upgrade of SMTP will
require years.  How does this provision accommodate this possible need?

This is a security-related work group.  A few messages that explain how
this is handled does not seem to be asking too much.  I agree the WG has
not recognized the need for this.  Because it was not done before with
S/MIME or OpenPGP does not seem to actually be offering a solution.  Am
I right about the possible problem ahead with a transition?

-Doug

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html