ietf-dkim

Re: [ietf-dkim] yet more sophistry, was Data integrity claims

2010-10-16 14:27:33
    "Which header fields are essential to protect?
     How much of the message body is essential to protect?"

Your questions are noted. Other than the MUST to sign the From: header, the DKIM spec offers the technical latitude to create a totally worthless signature. I don't know anyone who disagrees with that.

Since I think we're only proposing some more SHOULD advice on how to create robust signatures, I don't really see how they're relevant to the question of double signing.


I don't mean we should rip out all the advice, merely that we need to distinguish between soft advice and serious, technical specification.

Sorry, we also need specificity. Since we are in the process of preparing 4871bis, precisely which soft advice in 4871 should we remove?

Section 1, on page 4, includes an attempt to distinguish DKIM from S/MIME. That doesn't affect signing or verification, so should we remove it?

Section 1.1 has an INFORMATIVE RATIONALE saying what the signing identity doesn't mean. That doesn't affect signing or verification, so should we remove it?

Section 1.2 is non-operational history about intended scaling. That doesn't affect signing or verification, so should we remove it?

In section 2.6, in item 2 on page 8, the last two sentences describe a putative motivation for the first sentence. That doesn't affect signing or verification, so should we remove it?

I'll let you go through the rest of the spec.

R's,
John

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html