[ietf-dkim] New issue: base-00 3.5 x= (was: testing Message Corpus & question for base spec)
Hector Santos
hsantos at santronics.com
Sat Feb 11 11:51:14 PST 2006
----- Original Message -----
From: "Frank Ellermann" <nobody at xyzzy.claranet.de>
> Douglas Otis wrote:
>
> [base-00 3.5 x=]
> > The MUST in the draft may be a bit harsh.
>
> Yes, s/MUST/SHOULD/ makes sense, e.g. if a MUA behind IMAP
> wants to check signatures.

And what if they do not? What if it isn't behind IMAP? Maybe it's an
online web mail system or just good old POP3, or both?

I personally don't have a problem with a change to a "SHOULD" or "MAY"
recommendation, but rest assured, this (bad expiration) will be one of
many guaranteed forms of exploitation. So a relaxation should be coupled
with hindsight about the highly probable consequences of passing the
buck of bad or expired keys to the user.

All an X= relaxation does is put added pressures at various points in
the system.

Also, there might be an indirect association with this section and the
threat 4.1.10 "use of revoked keys" and DNS TTL timing issues.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com