On 08.07.19 at 17:51, internet-dra...@ietf.org wrote:
> https://tools.ietf.org/html/draft-ietf-acme-email-smime-05

Hello,

Certification based on messages requires confidence that the messages
aren't tampered with. To assure that, I suggest requiring some properties
that make the messages more robust against modification.

Messages sent by the CA:

 - message content MUST be 7 bit before signing
   -> https://tools.ietf.org/html/rfc6376#section-5.3

   The draft mentions 7 bit only for response messages (Section 3.2 6.)

 - DKIM signatures MUST be created in a way that allows detection
   of header addition.
   -> https://tools.ietf.org/html/rfc6376#section-5.4

   While RFC 6376 doesn't name it "oversigning", it's a common
   phrase for OpenDKIM users...

Messages sent back to the CA:

  The CA MAY require the same DKIM properties for the messages they
  expect from the user.

Andreas


_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
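
The header-addition detection mentioned in the message above (RFC 6376 section 5.4), as an added example that is not part of the original e-mail or the draft: it applies the bottom-up header selection of section 5.4.2 to a constructed message and compares a plain h= list with an oversigned one. The header values, function names and the SHA-256 digest used as a stand-in for the signed data are assumptions for illustration.

```python
import hashlib

def relaxed(name, value):
    # Simplified "relaxed" header canonicalization (RFC 6376 section 3.4.2);
    # assumes the header value is already unfolded.
    return f"{name.lower().strip()}:{' '.join(value.split())}\r\n"

def select_headers(headers, h_tag):
    """Select header instances as section 5.4.2 describes: for each name in
    h=, take the bottom-most instance not yet used. A name with no instance
    left contributes the null string, which is what oversigning relies on."""
    remaining = list(headers)  # (name, value) pairs, top to bottom
    picked = []
    for wanted in h_tag.split(":"):
        wanted = wanted.strip().lower()
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted:
                picked.append(remaining.pop(i))
                break
    return picked

def header_hash_input(headers, h_tag):
    # Stand-in for the signed data: a digest over the selected headers.
    # A real signer also covers the DKIM-Signature field and signs with its key.
    data = "".join(relaxed(n, v) for n, v in select_headers(headers, h_tag))
    return hashlib.sha256(data.encode()).hexdigest()

def addition_detected(original, received, h_tag):
    # True when the data covered by h= differs, i.e. verification would fail.
    return header_hash_input(original, h_tag) != header_hash_input(received, h_tag)

# Constructed sample headers (not taken from the draft)
ORIGINAL = [
    ("From", "ca@example.org"),
    ("To", "user@example.com"),
    ("Subject", "ACME: constructed-token-part"),
]
# The same message with an extra Subject field added at the top in transit
MODIFIED = [("Subject", "ACME: something else")] + ORIGINAL

PLAIN = "from:to:subject"
OVERSIGNED = "from:from:to:to:subject:subject"  # each name once more than it occurs

if __name__ == "__main__":
    print("plain h= detects addition:     ", addition_detected(ORIGINAL, MODIFIED, PLAIN))
    print("oversigned h= detects addition:", addition_detected(ORIGINAL, MODIFIED, OVERSIGNED))
```

With the plain list the added field is never selected, so the covered data is unchanged; with the oversigned list the second "subject" entry selects it and the digest changes.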
