[ietf-dkim] Base-02 //Deprecated Signature Version & New List
Douglas Otis
dotis at mail-abuse.org
Sun Jun 25 05:46:30 PDT 2006
On Sat, 2006-06-24 at 21:11 +0200, Dave Crocker wrote:
>
> Barry Leiba wrote:
> > Douglas Otis said:
> >> There remains the issue...
> >
> > No, I'm not convinced we need to spend more time on it, I see no support
> > for the idea that we should, and I see several people saying we shouldn't.
>
> In fact, at this point, raising the issue further is somewhere between sour
> grapes and a DOS attempt.

This is not sour grapes, nor should the effort describing the concern
within an I-D be considered a type of DoS attack on the list. The
intent was just the opposite. This next I-D offers a much simpler
solution than the prior suggestion.

http://www.sonic.net/~dougotis/id/draft-otis-dkim-security-concerns-01.html
http://www.sonic.net/~dougotis/id/draft-otis-dkim-security-concerns-01.txt

There does appear to be an important error that describes the handling
of a deprecated signature as that of an obsolete signature. This makes
for a rather sharp and pronounced transition. Full upgrade of SMTP will
require years. How does this provision accommodate this possible need?

This is a security-related work group. A few messages that explain how
this is handled do not seem to be asking too much. I agree the WG has
not recognized the need for this. Because it was not done before with
S/MIME or OpenPGP does not seem to actually be offering a solution. Am
I right about the possible problem ahead with a transition?

-Doug