[Top] [All Lists]

Re: I-D Action:draft-hathcock-minger-05.txt

2008-07-09 14:28:43

Title           : The Minger Email Address Verification Protocol
Author(s)       : A. Hathcock, J. Merkel
Filename        : draft-hathcock-minger-05.txt

Great.  But a fresh date oddity, expired before publication :-)

Some observations minus the few simple nits reported by IDnits:

s/are therefore often decide/therefore often decide/ (to accept)
or maybe "are therefore often forced to accept". 

Status codes 0..5:  Intuitively I'd expect "0" to be "okay".

Digest = MD5( secret ":" mailbox ) could attract the attention
of security folks, how about using HMAC(x, y) instead of MD5 ?

Anonymous mode, is that MD5( ":" mailbox ) or MD5( mailbox ) ?

Security:  The secret is defined to be 1*50(VCHAR), maybe say
at least 16 VCHARs instead of 128 bits.  MD5 could handle bit
strings if you'd want this, but you want ordinary VCHAR bytes.


<Prev in Thread] Current Thread [Next in Thread>
  • Re: I-D Action:draft-hathcock-minger-05.txt, Frank Ellermann <=