Hi SM,
On 25/06/2020 20:56, S Moonesamy wrote:
Hi Alexey,
At 11:57 AM 25-06-2020, The IESG wrote:
The IESG has received a request from the Automated Certificate Management
Environment WG (acme) to consider the following document: - 'Extensions to
Automatic Certificate Management Environment for end user S/MIME certificates'
<draft-ietf-acme-email-smime-08.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
In Section 3.1, there is the following in Point 3 and 5: "The message
MAY contain Reply-To header field." Is the duplication a mistake?
Yes, cut & paste error.
Point 6 states that its purpose is to "prove authenticity of a
challenge message". How does DKIM prove authenticity [1]?
See my other reply.
Why is there a requirement that the message has to pass DMARC validation?
Because this is the best mail industry has to offer to prevent message
spoofing.
Has forwarding been taken into account [2]?
I don't think my proposal is intended to work with mailing list
forwarding. This sounds pretty dangerous and defeats the prescribed
recipient email validation check. Maybe the document should say
something about this.
If you are thinking about recipient end alias-type forwarding, then I
can add some text that validation has to happen before forwarding, but
this ACME mechanism might still break if the From header field email
address of the response message doesn't match the email address used to
request the certificate for.
Best Regards,
Alexey
Regards,
S. Moonesamy
1. Please see Section 5.4 of RFC 6376.
2. That does not work well with SPF.
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
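The forwarding question in this exchange comes down to which DMARC identifier survives each path. The following is an added example, not part of the thread or of the draft: it evaluates strict DMARC alignment from an Authentication-Results header and then applies the From-address match mentioned above. The host names, addresses, the `TRUSTED_AUTHSERV` value and the sample messages are constructed assumptions, and relaxed (organizational-domain) alignment is not implemented.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: authserv-id stamped by the verifier's own border MTA.
TRUSTED_AUTHSERV = "mx.verifier.example"

def _domain(value):
    # "user@example.org" and "example.org" both yield "example.org".
    return value.rpartition("@")[2].lower()

def dmarc_strict(raw):
    """Return the methods that passed AND align exactly with the From domain."""
    msg = message_from_string(raw)
    from_dom = _domain(parseaddr(msg["From"])[1])
    parts = " ".join(msg.get("Authentication-Results", "").split()).split(";")
    if parts[0].strip() != TRUSTED_AUTHSERV:
        return []  # header missing or not written by our MTA: ignore it
    aligned = []
    for clause in parts[1:]:
        m = re.match(r"\s*(spf|dkim)=pass\b", clause)
        if not m:
            continue
        prop = "smtp.mailfrom" if m.group(1) == "spf" else "header.d"
        p = re.search(re.escape(prop) + r"=(\S+)", clause)
        if p and _domain(p.group(1)) == from_dom:
            aligned.append(m.group(1))
    return aligned

def check_message(raw, expected_from):
    """DMARC must pass and From must be the address the certificate is for."""
    sender = parseaddr(message_from_string(raw)["From"])[1].lower()
    return bool(dmarc_strict(raw)) and sender == expected_from.lower()

def _sample(from_addr, results):  # builds constructed test messages
    return (f"Authentication-Results: {TRUSTED_AUTHSERV}; {results}\n"
            f"From: {from_addr}\nSubject: constructed sample\n\nbody\n")

# Direct delivery: both identifiers pass and align.
DIRECT = _sample("alice@example.org",
                 "spf=pass smtp.mailfrom=alice@example.org; dkim=pass header.d=example.org")
# Alias forwarding: the forwarder's IP fails SPF, the DKIM signature survives.
ALIAS = _sample("alice@example.org",
                "spf=fail smtp.mailfrom=alice@example.org; dkim=pass header.d=example.org")
# List forwarding: body changed (DKIM fails), SPF passes for the list's domain only.
LIST = _sample("alice@example.org",
               "spf=pass smtp.mailfrom=bounces@list.example; dkim=fail header.d=example.org")
```

The list case fails even though SPF reports `pass`, because the passing identifier belongs to the list's domain and not to the From domain.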