> -----Original Message----- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Douglas Otis > Sent: Thursday, July 07, 2011 6:47 PM > To: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Final update to 4871bis for working group review > > Unfortunately, the norm is not to make these checks because only DKIM > invites the possible exploit. DKIM MUST accept the role of preventing > the exploit it invites.
This is logically equivalent to saying SSL or TLS has to ensure the validity of the payload it is securing, because since that payload has been secured, people will assume it's also valid. Will you be taking your fight to the TLS working group as well, then? Otherwise, this is merely a repetition of the same argument that got us the DISCUSS in the first place. One might even call it a replay attack... _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html