Thanks, Stephen. I had a good vacation, and I'm back.
I have seen a few comments on the list, in particular Phillip's comment
about the downgrade attack that we need to discuss more. If any of you
are holding onto comments, please go ahead.
I'm particularly interested in reactions to the algorithm given in
section 4.4. This is another attempt to strike the right balance
between security (the SHOULD for subdomain coverage in SSP requirements
section 5.1 #4), ease of deployment (trying to avoid doubling the size
of zones with extra SSP records), and avoiding creation of unacceptable
loads on DNS, and root and TLD name servers in particular. Speak up if
there are any uncovered holes in this algorithm, or where I haven't
achieved these goals.
-Jim
Stephen Farrell wrote:
Couple of quick notes on that:
1. Thanks to Jim for getting it out before his vacation.
2. Since he's on vacation we might have to wait if we've
"why'd you do that..." questions, though other authors
are about.
3. Remember that this is a -00 I-D so don't treat it as
if its written in store. OTOH, concrete alternatives are
much better than just criticising - we have after all
been chatting about this for ages already.
S.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html