Hello,
I commented on draft-ietf-dkim-rfc4871bis-01 previously (
http://mipassoc.org/pipermail/ietf-dkim/2010q4/014696.html ).
draft-ietf-dkim-rfc4871bis-02 obsoletes RFC 4871. RFC 5672 updates
RFC 4871. Why is the "RFC 4871 DomainKeys Identified Mail (DKIM)
Signatures -- Update" document not being obsoleted by this document?
In the Introduction Section:
"DomainKeys Identified Mail (DKIM) permits a person, role, or
organization that owns the signing domain to claim some
responsibility for a message by associating the domain with the
message."
Dave proposed a change to add a RFC 1034 reference in that sentence.
DomainKeys Identified Mail (DKIM) permits a person, role, or
organization that owns the signing domain to claim some
responsibility for a message [RFC5322] by associating the domain
name [RFC1034] with the message.
I suggest adding a reference to RFC 5322 in there to make it clear
what "message" is.
As I mentioned previously, in Section 3.3:
"In general, sha256 should always be used whenever possible."
That text was in RFC 4871 too as part of the informative note. Could
it be removed to avoid any dilution of the SHOULD in the "Signers
MUST implement and SHOULD sign using rsa-sha256" sentence?
In Section 3.3.3:
"The practical constraint that large (e.g., 4096 bit) keys may not
fit within a 512-byte DNS UDP response packet"
Could a normative reference to RFC 1035 be added in that sentence?
The practical constraint that large (e.g., 4096 bit) keys may not
fit within a 512-byte DNS UDP response packet [RFC1035]
I'll mention it again; in Section 3.5 for the d= tag:
"Internationalized domain names MUST be encoded as described in
[RFC3490]."
And i= tag:
"Internationalized domain names MUST be converted using the steps
listed in Section 4 of [RFC3490] using the "ToASCII" function."
Is there a reason why this working group requires that a document
with an intended status of "Draft Standard" should have a normative
reference to a RFC that has been obsoleted?
In Section 5.3:
"Similarly, a message that is not compliant with RFC5322, RFC2045
correct or interpret such content."
I do not understand that sentence.
"Therefore, a verifier SHOULD NOT validate a message that is
not conformant."
That sounds like good advice.
According to draft-ietf-dkim-implementation-report-03, the
interoperability and testing event was held in 2007. Was the above
requirement tested during that event? If this working group wants to
add such a requirement, I suggest setting the intended status of
draft-ietf-dkim-rfc4871bis to "Proposed Standard".
In Section 5.5:
"Verifiers MUST be capable of verifying signatures even
if one or more of the recommended header fields is not signed
(with the exception of From, which must always be signed)"
Is the last "must" a requirement?
draft-ietf-dkim-rfc4871bis has an informative reference to RFC
5451. I note that the draft uses the "X-Authentication-Results"
header field line.
Regards,
-sm
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html