Am 08.07.19 um 17:51 schrieb internet-dra...@ietf.org:
> https://tools.ietf.org/html/draft-ietf-acme-email-smime-05
Hello,
certification based on messages require confidence the messages aren't tampered.
To assure that I suggest to require some properties that make the messages more
robust
against modification.
messages sent by the CA
- message content MUST be 7 bit before signing
-> https://tools.ietf.org/html/rfc6376#section-5.3
The draft mention 7 bit only for response messages (Section 3.2 6.)
- DKIM signatures MUST be creates in a way that allow detection
of header addition.
-> https://tools.ietf.org/html/rfc6376#section-5.4
while RFC 6376 don't name it "oversigning" it's a common
phrase for OpenDKIM users...
messages send back to the CA:
the CA MAY require same DKIM properties for the messages they
expect from the user.
Andreas
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme