Hmmm.
1. Abstract and 1. Intro cite data integrity. Does there need to be more
detail explaining that cryptographic authentication provides data integrity too?
1. 1.1 Scope lists things DKIM does not deal with, including a replay attack.
Does the text really need more discussion than that?
Here's core question with this sort of overview: It can include too much
tutorial about basic technology, rather than focusing on the specifics of the
technology it is meant to describe. Some pedagogy is needed, but how much?
d/
J D Falk wrote:
Suggested addition to section 2, though I'm not entirely certain that
"validity" is the correct word to use here:
2.3. Establishing Message Validity
Though man-in-the-middle attacks are historically rare in email,
it is nevertheless theoretically possible for a message to be
modified during transit. An interesting side effect of the
cryptographic method used by DKIM is that it is possible to be
certain that a signed message (or, if l= is used, the signed
portion of a message) has not been modified. If it has been
changed in any way, then the message will not be verified
successfully with DKIM.
As described above, this validity neither lowers nor raises the
level of trust associated with the message. If it was an
untrustworthy message when initially sent, the verifier may be
certain that the message will be equally untrustworthy upon
receipt and successful verification.
--
J.D. Falk
Receiver Products
Return Path
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html