-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In message <[email protected]>, Hannah Stern
<[email protected]> writes
>I like the general approach of keeping to tag-value syntax, "escaping"
>to JSON/b64 in some specific places.
>
>First I had the thought that perhaps everything could be just one big
>JSON/b64 blob (one for each Message-Instance and one for each
>DKIM2-Signature), but during an absence in Februar I had the thought
>that that would have made a few things more complicated.
The on-the-wire cost of having multiple objects is pretty small and it
makes for considerable tidiness in documenting what is going on.
[snip discussion of how many signatures is too many]
>Perhaps there should also be operational limits for the maximum
>number of Message-Instance versions and DKIM2-Signatures.
I think some SHOULDs in Todd Herr's document is the way forward here.
It separates operational concerns about denial-of-service attacks
(hundreds of something-or-other) from the specification itself.
>Localpart hashes might only be a consideration now for partial
>envelope privacy, without obstructing MTAs to do all required checks,
>and verifiers to still check alignment.
hashes would not give privacy since the number of likely unhashed
versions is small (if you're just checking if your colleagues are
mentioned then very very small) so you just iterate through them and
compare -- viz: the difficulty of reversing the hash is irrelevant
anyway .... thank you for your message and I will deal with the rest of
it in due course; but the cutoff date meant that I was already in the
process of shipping "-08" when your comments arrived. There's no time to
address them (some I did already anyway) .. I'll comment more in the
coming days.
- --
richard @ highwayman . com "Nothing seems the same
Still you never see the change from day to day
And no-one notices the customs slip away"
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBaaX6T2HfC/FfW545EQKh8wCdGehXFXiWl83h/XkCuStpHCk45voAoOvv
rp4vjT+OR7yZkSrxVKiuc+U9
=8wSQ
-----END PGP SIGNATURE-----
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
