[ietf-dkim] The key record upgrade attack
phoffman at proper.com
Fri Aug 4 09:52:38 PDT 2006
At 9:29 AM -0700 8/4/06, Douglas Otis wrote:
>On Aug 4, 2006, at 9:23 AM, Paul Hoffman wrote:
>>At 8:38 AM -0700 8/4/06, Douglas Otis wrote:
>>>During a transition, it would be important to communicate what
>>>will be offered and what has been deprecated. Then these options
>>>MUST be available or the related signatures MUST be ignored.
>>The SSP document *cannot* change the way implementers of the -base
>>document process signatures. "MUST be ignored" changes the logic of
>Interesting catch. This point was raised however during base, but ignored.
It was not ignored; it was actively rejected.
More information about the ietf-dkim