Re: I-D Action:draft-hathcock-minger-05.txt

Title           : The Minger Email Address Verification Protocol
Author(s)       : A. Hathcock, J. Merkel
Filename        : draft-hathcock-minger-05.txt


Great.  But a fresh date oddity, expired before publication :-)

Some observations minus the few simple nits reported by IDnits:

s/are therefore often decide/therefore often decide/ (to accept)
or maybe "are therefore often forced to accept". 

Status codes 0..5:  Intuitively I'd expect "0" to be "okay".

Digest = MD5( secret ":" mailbox ) could attract the attention
of security folks, how about using HMAC(x, y) instead of MD5 ?

Anonymous mode, is that MD5( ":" mailbox ) or MD5( mailbox ) ?

Security:  The secret is defined to be 1*50(VCHAR), maybe say
at least 16 VCHARs instead of 128 bits.  MD5 could handle bit
strings if you'd want this, but you want ordinary VCHAR bytes.

 Frank

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: More new text for 2821bis (was: Re: Response to appeal from John Klensin dated 13-Jun-2008), John C Klensin

Next by Date:

Auto-Submitted and Autosubmitted, Дилян Палаузов

Previous by Thread:

Response to appeal from John Klensin dated 13-Jun-2008, IESG Secretary

Next by Thread:

Auto-Submitted and Autosubmitted, Дилян Палаузов

Indexes:

[Date] [Thread] [Top] [All Lists]