[ietf-dkim] draft-ietf-dkim-ssp-02.txt
Hector Santos
hsantos at santronics.com
Fri Feb 1 19:29:11 PST 2008
Douglas Otis wrote:
>
> On Feb 1, 2008, at 3:18 PM, Hector Santos wrote:
>
>>> IMHO, unless the SSP draft is changed to comply with RFC 4871, the WG
>>> should consider adopting the ASP draft instead.
>>
>> First, I don't agree that SSP did not comply with RFC 4871.
>
> No. RFC 4871 does not comply with SSP.

How so?

From my standpoint, ASP/SSP-02 both provided unprotected considerations
in DKIM-BASE.

ASP::DISCARDABLE completely changes the semantics of DKIM-BASE failures
state change to "no signature" to one where a failed signature exists.
Likewise ASP::ALL offers no protection against fraudulent 3rd party
signers. This is not what I call adding a SECURITY WRAPPER around the
DKIM-BASE signing expectations whether forged 1st or 3rd party.

--
HLS