[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Chris
Drake
Since mention of DK has raised it's head, has anyone
explained why they violated standards and left off the "X-"
in front of "DomainKey-Signature:",
Because this whole requirement was dropped eight years ago.
or to get even more to
the brutal point, has anyone noticed that the bloke creating
all the domainkey specification documents appears to have
begun this with no background in either security/cryptography
(eg: initially recommended assymetric key sizes that were
crackable in mere seconds),
That does not matter. SSL 1.0 was designed by a neophyte and broken in ten
minutes.
I don't care how experienced the writer of the spec is provided the
reviewers have experience and the author is willing to listen to their
advice.
nor in email (eg: utterly ignores
the fact that headers get inserted everywhere nowdays
(eg: spam/virus/etc scanners) and that contents get changed by MTAs
(eg: quoted<=>8bit),
That's ok now, after much argument the point is now taken.
nor even in programming (eg: his idea of
"folding cr/lf/blankspace" is just to remove it all), and for
that matter, common sense (S/MIME already exists; the entire
DK system could have been rolled out with S/MIME just by
attaching the headers before the signature, people might want
to verify old emails, etc etc).
The companies round the table include two who have a very big stake in
S/MIME. We also know that like PGP S/MIME was designed to do encryption and
signature was an afterthought.
Phill