[ietf-dkim] editorials and nits
Eliot Lear
lear at cisco.com
Mon Jul 3 23:42:38 PDT 2006
Eric,
First of all, happy 4th of July. For some unknown reason Switzerland
doesn't celebrate it.
>> 3 1.1, 2nd set of bullets. dkim *does* require a ttp - the DNS.
>> Better to say that dkim requires no *new* ttp.
>
> I don't see DNS as a "third party" in the same sense as a CA for
> certs. Yes, DNS has to work, but it isn't a third party (unless you
> want to count the root servers, I suppose). By this logic, we should
> also include the multiple third parties that run the routers and all
> the rest of the infrastructure.
I believe one could distinguish different forms of attack, and in this
case whether untrustworthy messages are trusted. This having been
said, I think it's safe to say that DNS is already relied upon to
transmit mail, and hence no additional trusted third party is relied upon.
>
>> #11 3.4.5, end of 1st informative note: s/ignore the tag/ignore
>> content after the indicated length/ Reason - if they ignore the tag
>> then they won't verify the signature.
>
> Actually, in our early discussion over this we actually did mean that
> the verifier can simply ignore the tag, and yes, it won't verify. Some
> people deemed that to be a feature, not a bug.
In the "Horses not Zebras" department what's the best wording?
Eliot