On Fri 20/Jun/2014 03:34:42 +0200 Murray S. Kucherawy wrote:
> 
> Actually I think I agree with most or all of that.  My concern has to
> do with where a DKIM neophyte goes to get a complete description of
> DKIM.  If we do what your draft proposes, then the complete definition
> will lie in no less than two documents, plus any that register
> extension tags or values.  So what I'm uncomfortable with is a v=2
> document that is nothing more than a changes-since-v=1.

As I understand it, the reason we'd like to associate DKIM-Delegate
with a version bump is to guard those verifiers who don't expect weak
signatures.  OTOH, Dave's "very-relaxed" canonicalization does have
some real grounds.  DKIM verifications can fail unexpectedly, albeit
infrequently, which is why DKIM-Delegate-00 offered to overload z=.

As Dave's proposal implied, new c14ns are part of the extensibility
already provided for.  Section 3.4 says:

                                           Further canonicalization
   algorithms MAY be defined in the future; Verifiers MUST ignore any
   signatures that use unrecognized canonicalization algorithms.

The document defining the new c14n is formally separated from the one
which defines weak signatures.  The latter can simply recommend using
the former, thereby achieving the desired protection.

Ale

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
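
Added example, not part of the message above or of any DKIM implementation: how a v=1 verifier following the Section 3.4 text quoted above would triage signatures, next to the version check that a v=2 bump would rely on. It covers only the v= and c= gates (no required-tag checks, no cryptography); the function names are hypothetical and the sample signatures are constructed.

```python
import re

KNOWN_C14N = {"simple", "relaxed"}  # the only algorithms RFC 6376 defines

def parse_tag_list(value):
    """Split a DKIM-Signature value into {tag: value}; None if malformed."""
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue  # a trailing ';' is allowed
        name, sep, val = item.partition("=")
        name = name.strip()
        # Duplicate tag names invalidate the whole tag-list (RFC 6376, 3.2).
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", name) or name in tags:
            return None
        tags[name] = val.strip()
    return tags

def canonicalization(tags):
    """Return (header, body) from c=, applying the RFC 6376 defaults."""
    header, sep, body = tags.get("c", "simple/simple").partition("/")
    if not sep:
        body = "simple"  # "c=relaxed" means relaxed header, simple body
    return header, body

def triage(value):
    """Decide whether a v=1 verifier processes or ignores a signature."""
    tags = parse_tag_list(value)
    if tags is None:
        return "ignore: malformed tag-list"
    if tags.get("v") != "1":
        return "ignore: incompatible version"
    unknown = [a for a in canonicalization(tags) if a not in KNOWN_C14N]
    if unknown:
        return "ignore: unrecognized canonicalization " + "/".join(unknown)
    return "verify"

# Constructed sample values; "very-relaxed" is the name used in the thread
# for a proposed algorithm, not a registered one.
SAMPLES = [
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.org; s=sel",
    "v=1; a=rsa-sha256; c=relaxed; d=example.org; s=sel",
    "v=1; a=rsa-sha256; c=very-relaxed/relaxed; d=example.org; s=sel",
    "v=2; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s), "<-", s)
```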
