On Sat, 2006-06-24 at 21:11 +0200, Dave Crocker wrote: > > Barry Leiba wrote: > > Douglas Otis said: > >> There remains the issue... > > > > No, I'm not convinced we need to spend more time on it, I see no support > > for the idea that we should, and I see several people saying we shouldn't. > > In fact, at this point, raising the issue further is somewhere between sour > grapes and a DOS attempt.
This is not sour grapes, nor should the effort describing the concern within an I-D be considered a type of DoS attack on the list. The intent was just the opposite. This next I-D offers a much simpler solution from the prior suggestion. http://www.sonic.net/~dougotis/id/draft-otis-dkim-security-concerns-01.html http://www.sonic.net/~dougotis/id/draft-otis-dkim-security-concerns-01.txt There does appear to be an important error that describes the handling of a deprecated signature as that of an obsolete signature. This makes for a rather sharp and pronounced transition. Full upgrade of SMTP will require years. How does this provision accommodate this possible need? This is a security related work group. A few messages that explain how this is handled does not seem to be asking too much. I agree the WG has not recognized the need for this. Because it was not done before with S/MIME or OpenPGP does not seem to actually be offering a solution. Am I right about the possible problem ahead with a transition? -Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
