ietf-dkim

Re: [ietf-dkim] editorials and nits

2006-07-03 23:51:05
Eric,

First of all, happy 4th of July.  For some unknown reason Switzerland
doesn't celebrate it.

3 1.1, 2nd set of bullets. dkim *does* require a ttp - the DNS.
Better to say that dkim requires no *new* ttp.

I don't see DNS as a "third party" in the same sense as a CA for
certs.  Yes, DNS has to work, but it isn't a third party (unless you
want to count the root servers, I suppose).  By this logic, we should
also include the multiple third parties that run the routers and all
the rest of the infrastructure.

I believe one could distinguish different forms of attack, and in this
case whether untrustworthy messages are trusted.  This having been
said, I think it's safe to say that DNS is already relied upon to
transmit mail, and hence no additional trusted third party is relied upon.

#11 3.4.5, end of 1st informative note: s/ignore the tag/ignore
content after the indicated length/ Reason - if they ignore the tag
then they won't verify the signature.

Actually, in our early discussion over this we actually did mean that
the verifier can simply ignore the tag, and yes, it won't verify. Some
people deemed that to be a feature, not a bug.

In the "Horses not Zebras" department what's the best wording?

Eliot
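
Added example, not part of the original message or of the DKIM draft: a sketch of the two verifier behaviours discussed for 3.4.5, assuming the tag in question is the body length tag (l=), a SHA-256 body hash and "simple" body canonicalization. The function names, policy names and sample bodies are constructed for illustration.

```python
import base64
import hashlib

def canon_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: drop empty lines at the end of
    the body and make sure it ends with a single CRLF."""
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return body

def body_hash(body: bytes, length=None) -> str:
    """Base64 SHA-256 over the canonical body, optionally limited to
    the first `length` octets (what a signer using l= would hash)."""
    data = canon_simple(body)
    if length is not None:
        data = data[:length]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def check_body(body: bytes, bh: str, l_tag: int, policy: str) -> bool:
    """Compare the signed body hash `bh` under one of two policies.

    ignore_after_length: hash only the first l_tag octets, so anything
                         appended later is not covered by the check.
    ignore_tag:          hash the whole body, so a body longer than
                         l_tag no longer matches the signed hash.
    """
    if policy == "ignore_after_length":
        return body_hash(body, l_tag) == bh
    if policy == "ignore_tag":
        return body_hash(body) == bh
    raise ValueError("unknown policy: " + policy)

# Constructed sample: the signer covers the whole original body.
SIGNED = b"Meeting moved to 3pm.\r\n"
L_TAG = len(canon_simple(SIGNED))
BH = body_hash(SIGNED, L_TAG)
# The same body with unsigned text appended after signing.
APPENDED = SIGNED + b"Unsigned text added in transit.\r\n"

if __name__ == "__main__":
    for name, body in (("signed", SIGNED), ("appended", APPENDED)):
        for policy in ("ignore_after_length", "ignore_tag"):
            print(name, policy, check_body(body, BH, L_TAG, policy))
```

Under ignore_after_length the appended body still matches the signed hash, so a receiver applying that behaviour has to treat everything past the indicated length as unsigned; under ignore_tag the appended body simply fails.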