ietf-mailsig
[Top] [All Lists]

Re: DKIM: c=simple is aspirational

2005-07-16 11:13:27


Ned Freed wrote:
>  As for the liklihood that people will deploy DKIM in simple mode, only
to find
> that it fails, this can be dealt with by appropriate wording choices. The
> current wording is IMO inadequate - this needs to be a SHOULD use nowsp mode
> unless you're sure simple mode will work. noswp mode also need to be the
> default.

Ned,

I agree with a lot of what you say in this post, but I think
you're missing one use case of simple which doesn't have an
dependencies on aspirations: the case were a signer would rather
the signature break -- with even the possibility of discard.
For example, statements(_at_)bigbank(_dot_)com probably does not want anything
monkeyed with their statement, and is willing to tolerate the
risk of manglers.

I view this as a use-case for S/MIME or possibly PGP, not DKIM. I don't have
much experience with PGP, but S/MIME works really well for such things in
practice.

In fact this brings up another potential issue, which is that we really need to
distinguish what we're doing here from what S/MIME and PGP do.

                                Ned


<Prev in Thread] Current Thread [Next in Thread>