[ietf-dkim] Final update to 4871bis for working group review
dhc at dcrocker.net
Wed Jul 6 12:29:37 PDT 2011
On 7/6/2011 11:34 AM, Murray S. Kucherawy wrote:
>> As Pete has pointed out -- and has he's adamant about -- the signer can't
>> attack... that is, DKIM can't do anything about "attacks" by the signer.
>> And that's as Charles's text itself points out. So I'd be
The signer can attack the receiver, of course.
The signer cannot attack the DKIM mechanism. Attacking the mechanism has to do
with working around the mechanism. Semantically, that is only meaningful as
done by independent third-parties. Not a principal in the use of the mechanism.
> Interesting side note: Given the reference to Postel's Law being
Postel's law is generally misapplied from what he intended.
It is mis-used as an excuse for sloppy and overly permissive specification and
for inaccurate implementation, neither of which were what Jon intended.
He was attempting to cover only those cases in which reasonable specifications
are subject to some variance in interpretation, resulting in a degree of
difference in implementation.
As such, it's a dandy rule.
> Anyway, with a few nitty edits from me as well, here's the current 8.15 for
> -15 for everyone's consideration. I concur with Barry with respect to the
> DISCUSS complaint about who's attacking what.
> Also, the second paragraph
> already alludes to the fact that multiple From: fields is a problem
> regardless of whether or not one of them is signed. I think it covers the
> bases and flows nicely.
More information about the ietf-dkim