-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Alessandro
Vesely
Sent: Thursday, November 04, 2010 12:09 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: [...]
Uh, ok, you're right. I guess I should have stopped arguing since
this thread became a dialogue among deaf people --I would have done so
if I had seen any other sign of progress on this subject.
BTW, I haven't yet tried to submit that EXE file to the DKIM software
I use. I will. I hope we all agree that the spec's better not
contain phrases such as "an implementation SHOULD crash..." :-/
It boggles my mind that a specification called DomainKeys Identified _MAIL_ has
to be explicit about the fact that the input is expected to be formatted like a
mail message, and that there's even pressure to say in a normative way that
someone implementing this has to make sure that's the case.
Security Considerations of RFC5451 was updated to include language about
hardening against input deliberately crafted to try to confuse or crash
applications, and I was surprised that they (secdir) felt that was necessary; I
expected that to be fairly obvious to anyone in the audience of a standards
track RFC.
(It wasn't required to be normative, however.)
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html