Dave Crocker writes:

 > URL:
 > http://www.ietf.org/internet-drafts/draft-kucherawy-dkim-delegate-00.txt

Merry Christmas for mailing lists!  Mailman at least already
recommends that sites hosting lists DKIM sign, so we have nothing new
to do!

Two nits to pick.  First, I'd like a whole (sub)section (containing
approximately one sentence :-) for Mediator responsibilities, even if
it's redundant with step 4 of the specification.  Maybe a subsection
of section 5 (Discussion)?

Second, from the draft:

    The expiration time on the Secondary signature needs to be long
    enough to permit evaluation by receivers of the re-submitted
    message, yet short enough to limit the potential for unauthorized
    replay attacks.  A good choice is a small number of days or even
    hours.

Due to greylisting (I've seen a message that got greylisted twice,
once at the mailing list and once at the recipient), I'd recommend
that the absolute minimum for expiration time be 12 hours, and that at
least 24 hours be recommended.


_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc

Reply via email to