I'm trying to find a way for us to build a consensus on how to move forward.
While I have tended towards favoring a normative approach, you are swaying me with this "amazing Security Considerations addendum". Mike > -----Original Message----- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- > boun...@mipassoc.org] On Behalf Of Murray S. Kucherawy > Sent: Monday, October 18, 2010 3:18 PM > To: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Data integrity claims > > > -----Original Message----- > > From: MH Michael Hammer (5304) [mailto:mham...@ag.com] > > Sent: Monday, October 18, 2010 12:11 PM > > To: Murray S. Kucherawy; ietf-dkim@mipassoc.org > > Subject: RE: [ietf-dkim] Data integrity claims > > > > See above. This leads me to believe that you might be amenable to > > informative text rather than normative text. > > Yes, I'm in favour of the most amazing Security Considerations addendum > you could ever imagine to cover this, and not in favour of normative text. > > > > If we can output a "warn" bit in addition to pass/fail/none, we're > also > > > presuming the MUAs will adapt to consume it. But then the MUAs can > just > > > as easily adapt to show you what parts of the message were signed and > > > which were not, and that is in fact the more complete solution. > > > > This is no more presumptuous than expecting that MUAs will adapt to > > consume the output of DKIM as it stands now. > > In another message I indicated that I don't presume either, but assert > that there's no middle ground; they will or they won't. If they will, > informative text is sufficient; if they won't, then we have to start > hardening MTAs to defend against MUA attacks because that's where header > changes and other enforcements are possible since, by definition, any > current annotations are invisible and will stay that way. > > I'm fine with accepting either model, but we have to understand the > implications of picking one. The latter, in particular, involves some > major scope creep. > > > Perhaps we should try to get some of the MUA folks to join the > conversation. > > That's a novel idea! I'll poll some other lists I'm on (and you're also > on, so you can make sure my wording isn't leading) and see if I can get > any feedback. > > > _______________________________________________ > NOTE WELL: This list operates according to > http://mipassoc.org/dkim/ietf-list-rules.html _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
