[ietf-dkim] Secrtion 6.3 Comments
dotis at mail-abuse.org
Tue Oct 24 13:40:13 PDT 2006
On Oct 24, 2006, at 11:49 AM, Jim Fenton wrote:
> Hallam-Baker, Phillip wrote:
>> 11. The Protocol MUST NOT be required to be invoked if a valid
>> first party signature is found.
>> Should be:
>> The Protocol MUST NOT be required to be invoked if a valid first
>> party signature that satisfies the cryptographic criteria of the
>> recipient is found.
>> If I look at the email and find a satisfactory signature I am
>> done. If I don't find any signature at all *or I find only a weak
>> signature* I need to look at the policy.
> I don't see why we need to introduce shades of grey (i.e., valid
> but weak signatures) here. The verifier is able to decide what it
> considers to be a valid signature. If a signature uses an
> algorithm that the verifier considers to be too weak, it should
> just consider the signature to be invalid. Then the original #11
> is sufficient.
Where policy is asserted and whether policy is to be invoked are
separate issues. This purported requirement is making assumptions
about where policy is expressed, and about the value in codifying a
bid-down vulnerability (over a period likely measured in years) as a
protocol requirement. Clearly both assumptions can be wrong.
Rather than making erroneous statements, properly handle this issue
or indicate it will be addressed later. Either approach is
preferable over an erroneous assertion included as a requirement.
More information about the ietf-dkim