Stephen, 

> -----Original Message-----
> From: Stephen Farrell [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, November 17, 2005 2:36 AM
> To: Jim Schaad
> Cc: 'Barry Leiba'; 'IETF DKIM WG'
> Subject: Re: [ietf-dkim] DKIM Charter Comments
> 
> 
> Hi Jim,
> 
> Jim Schaad wrote:
> > I have the following comments on the draft charter:
> > 
> > 1.  The second paragraph has the sentence:
> > 
> > The DKIM working group will also produce security requirements to
> > guide their efforts, and will analyze the impact on senders and
> > receivers who are not using DKIM, particularly any cases in which mail
> > may be inappropriately labeled as suspicious or spoofed.
> > 
> > I don't understand what the last clause has to do with people who are
> > not using DKIM.  If they are not using DKIM then mail could not be
> > labeled as suspicious or spoofed.  I assume that this should read:
> > 
> > The DKIM working group will also produce security requirements to
> > guide their efforts.  This will include the impact of sending domains
> > that are not using DKIM (mail may be inappropriately labeled as
> > suspicious or spoofed by receiving domains that use DKIM).
> > Additionally it will include the impact of receiving domains that are
> > not using DKIM (**** what is an example attack or problem????****).
> 
> Hmm. Not sure that I prefer that. I think the current text
> means that we have to care if dkim (+/- ssp) causes some
> receiver to say "this is spoofed" far too easily, just
> because of how we've structured dkim (and ssp in particular).
> You may be right that there's no example for receiving
> domains not using DKIM, but I don't think the charter has to say that.

I have no problems if that is what you want to say -- that we need to look
at this, but in that case I still think that the paragraph needs to be
re-written as the case of spoofed mail is dependent on the not using DKIM
clause.


Perhaps:

The DKIM ... This will include looking at 1) interactions with domains which
are not using DKIM (sending and receiving), 2) inappropriate labeling of
mail as spoofed or suspicious due to interactions of DKIM with other
systems.


jim

> 
> > 2.  Formatting issue -- is paragraph 3 really three paragraphs or just
> > three sentences within a single paragraph
> >
> > 3.  On the deliverables I would like to see the first deliverable moved
> > to the end of the list (to match the order of milestones).  It makes
> > the tracking between the two lists simpler.
> 
> I'm happy to let Barry take those editorials.
> 
> > 4.  It is not clear to me that you can separate the development of the
> > DNS RR from the base specification.  My assumption is that the base
> > specification is stating how the addressing of the DNS RR is to be
> > done and to effectively specify the content.  It makes more sense to
> > me to pull each of the different DNS RR's into the respective documents.
> 
> That's a fair enough point and one that Dave Crocker's mail 
> from today also tackles. I personally don't know if changing 
> this would be better or would just add delay with no real 
> benefit, but I'm interested in hearing opinions.
> 
> Stephen.
> 
> 
> 


_______________________________________________
ietf-dkim mailing list
http://dkim.org
