> -----Original Message----- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Alessandro Vesely > Sent: Thursday, November 04, 2010 12:09 PM > To: ietf-dkim@mipassoc.org > Subject: [...] > > Uh, ok, you're right. I guess I should have stopped arguing since > this thread became a dialogue among deaf people --I would have done so > if I had seen any other sign of progress on this subject. > > BTW, I haven't yet tried to submit that EXE file to the DKIM software > I use. I will. I hope we all agree that the spec's better not > contain phrases such as "an implementation SHOULD crash..." :-/
It boggles my mind that a specification called DomainKeys Identified _MAIL_ has to be explicit about the fact that the input is expected to be formatted like a mail message, and that there's even pressure to say in a normative way that someone implementing this has to make sure that's the case. Security Considerations of RFC5451 was updated to include language about hardening against input deliberately crafted to try to confuse or crash applications, and I was surprised that they (secdir) felt that was necessary; I expected that to be fairly obvious to anyone in the audience of a standards track RFC. (It wasn't required to be normative, however.) _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
