On Oct 22, 2010, at 8:28 AM, Barry Leiba wrote:
1. How to handle a key record with empty "g=" and absent "v=" (section
6.1.2, list item 6).
Proposed change: Remove "g=" altogether, along with all references to
it. Surveys of what's out there show vanishingly few cases that use
"g=" with any value other than "*" or empty, so this can be removed as
an unused feature.
This seems like a good change.
2. Advice about wildcards in TXT records.
Proposed change: Add a note in section 6.1.2 warning about the effect
of wildcard TXT records on finding DKIM key records.
Reasonable.
3. The issue of multiple occurrences of header fields that may only occur
once.
Proposed change: Add text to section 5.3 recommending that verifiers
check that the message complies with specs, and that they not validate
a non-compliant message.
I'd object fairly strongly to this, for several reasons.
A DKIM verifier shouldn't be doing anything other than the cryptography
needed to confirm the signature.
Also, there's a lot of non-5322 compliant mail out there that's perfectly
harmless and wanted. There's also a lot of unwanted or harmful mail
out there that violates 5322.
DKIM signatures allow receivers to track reputation and distinguish
between those two groups. Crippling DKIM so that it can't be used to
identify the sender for these categories of email seems perverse.
Add a new section 8.14 to the Security
Considerations, explaining the attacks that can be done using this
exposure.
This seems like a good thing to add.
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html