spf-discuss

Re: For SPF Council review: Section 9.3.1.2 and the 63 chars limit for localpart crypto schemes

2005-05-25 13:54:56
In <200505251956(_dot_)09833(_dot_)bulk(_at_)mehnle(_dot_)net> Julian Mehnle 
<bulk(_at_)mehnle(_dot_)net> writes:

Wayne Schlitt wrote:
[Julian wanted] to vote on:

  [...]
  * the "section 9.3.1.2 does not warn about the 63 character limit"
    issue.

The last item was not discussed or voted on because it is a complicated
issue, we had already been in the meeting for 3 hours, and it was
getting very late in Europe.

This is what it is about:
[...]

The problem with this is that it suggests the use of localpart crypto 
schemes (like SRS and SES), but many of these schemes will not honor the 
63 characters limit for domain labels imposed by performing a DNS lookup 
using the %{l} (localpart) macro.

This section also doesn't mention the problems with using SES and
mailing lists that check the 2821.MAILFROM for subscriber
confirmation, rather than the 2822.From:.  It also doesn't mention
problems with replay attacks and how to deal with them.  It doesn't
mention the key distribution problem.  It doesn't mention a lot of
things that many page SES spec.

I really don't see much reason to add the 63 character label problem
and omit the other ten pages of explanation.


-wayne
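
The label-length problem raised in the message above, shown as an added example that is not part of the original e-mail or of any SPF implementation: a minimal expansion of the `%{l}` and `%{d}` macros followed by a check of each resulting DNS label against the 63-octet limit. The domain-spec `%{l}._check.%{d}` and the long signed localpart are constructed for illustration and do not follow the real SRS or SES formats.

```python
import re

MAX_LABEL = 63   # DNS limit on one label, in octets
MAX_NAME = 253   # limit on the whole name in presentation form

# %{l} / %{d} with optional digit, reverse and delimiter transformers
MACRO = re.compile(r"%\{([ld])(\d*)(r?)([-.+,/_=]*)\}")

def expand(spec, sender):
    """Expand localpart/domain macros of a domain-spec for one sender."""
    local, _, domain = sender.rpartition("@")
    values = {"l": local, "d": domain}

    def repl(m):
        letter, digits, rev, delims = m.groups()
        # Split on the listed delimiters ("." when none are given)
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter])
        if rev:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]   # keep the right-most N parts
        return ".".join(parts)

    return MACRO.sub(repl, spec)

def oversize_labels(name):
    """Return the labels of a DNS name that exceed the 63-octet limit."""
    return [lab for lab in name.rstrip(".").split(".")
            if len(lab.encode()) > MAX_LABEL]

def lookup_name_ok(spec, sender):
    """True if the expanded name can be sent as a DNS query at all."""
    name = expand(spec, sender)
    return not oversize_labels(name) and len(name) <= MAX_NAME

# Constructed sample data (assumptions, not taken from the message)
SPEC = "%{l}._check.%{d}"
PLAIN = "alice@example.org"
SIGNED = "alice=" + "k7" * 32 + "@example.org"   # 70-character localpart

if __name__ == "__main__":
    for sender in (PLAIN, SIGNED):
        name = expand(SPEC, sender)
        print(sender, "->", "ok" if lookup_name_ok(SPEC, sender)
              else "label too long: %d octets" % len(oversize_labels(name)[0]))
```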