On Oct 24, 2006, at 11:49 AM, Jim Fenton wrote:
> Hallam-Baker, Phillip wrote:
>> 6.3
>> 11. The Protocol MUST NOT be required to be invoked if a valid
>> first party signature is found.
>>
>> Should be:
>>
>> The Protocol MUST NOT be required to be invoked if a valid first
>> party signature that satisfies the cryptographic criteria of the
>> recipient is found.
>>
>> If I look at the email and find a satisfactory signature, I am
>> done. If I don't find any signature at all *or I find only a weak
>> signature* I need to look at the policy.
>
> I don't see why we need to introduce shades of grey (i.e., valid
> but weak signatures) here. The verifier is able to decide what it
> considers to be a valid signature. If a signature uses an
> algorithm that the verifier considers to be too weak, it should
> just consider the signature to be invalid. Then the original #11
> is sufficient.
Where policy is asserted and whether policy is to be invoked are
separate issues. This purported requirement is making assumptions
about where policy is expressed, and about the value in codifying a
bid-down vulnerability (over a period likely measured in years) as a
protocol requirement. Clearly both assumptions can be wrong.
Rather than making erroneous statements, properly handle this issue
or indicate it will be addressed later. Either approach is
preferable to an erroneous assertion included as a requirement.
-Doug
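The decision the thread is arguing about, as an added example that is not code from the thread or from any DKIM implementation: a verifier that must decide whether to consult sender policy, written once with the original requirement #11 (where the verifier folds its algorithm criteria into "valid", as Jim describes) and once with the three-state reading of the proposed wording. Signature verification itself is stubbed (a record that says whether the math passed); the algorithm names are real DKIM tags, but the strength ranking, the function names and the scenarios are assumptions of this example.

```python
"""When must a DKIM-style verifier invoke sender policy?

Added example, not from the thread or any DKIM implementation. Signature
verification is simulated: a SigResult only records which algorithm was
used and whether the signature math checked out.
"""
from dataclasses import dataclass
from typing import Iterable

# Assumed ranking of signing algorithms (higher is stronger). A real
# verifier would derive this from its own local cryptographic policy.
ALG_STRENGTH = {"rsa-sha1": 1, "rsa-sha256": 2}


@dataclass(frozen=True)
class SigResult:
    """Outcome of checking one first-party signature (constructed, not real DKIM output)."""
    algorithm: str
    math_ok: bool  # True if the signature verified against the signer's key


def is_valid(sig: SigResult, min_strength: int) -> bool:
    """Jim Fenton's reading: the verifier's algorithm criteria are part of
    'valid', so a signature it considers too weak is simply invalid."""
    return sig.math_ok and ALG_STRENGTH.get(sig.algorithm, 0) >= min_strength


def must_invoke_policy_two_state(sigs: Iterable[SigResult], min_strength: int) -> bool:
    """Original requirement #11: policy is needed unless a valid signature is found."""
    return not any(is_valid(s, min_strength) for s in sigs)


def classify(sigs: Iterable[SigResult], min_strength: int) -> str:
    """Hallam-Baker's shades of grey: 'none' (no verifiable signature),
    'weak' (math ok but below the verifier's bar) or 'strong' (meets the bar)."""
    best = "none"
    for s in sigs:
        if not s.math_ok:
            continue
        if ALG_STRENGTH.get(s.algorithm, 0) >= min_strength:
            return "strong"
        best = "weak"
    return best


def must_invoke_policy_three_state(sigs: Iterable[SigResult], min_strength: int) -> bool:
    """Proposed wording: only a signature satisfying the recipient's
    cryptographic criteria lets the verifier skip the policy lookup."""
    return classify(sigs, min_strength) != "strong"


def decisions_agree(sigs: Iterable[SigResult], min_strength: int) -> bool:
    """Both readings give the same answer once 'weak' is folded into 'invalid'."""
    sigs = list(sigs)
    return (must_invoke_policy_two_state(sigs, min_strength)
            == must_invoke_policy_three_state(sigs, min_strength))


# Constructed scenarios (hypothetical messages, not captured traffic).
UNSIGNED = []
STRONG_ONLY = [SigResult("rsa-sha256", True)]
WEAK_ONLY = [SigResult("rsa-sha1", True)]
BROKEN_STRONG = [SigResult("rsa-sha256", False), SigResult("rsa-sha1", True)]


def bid_down_skips_policy(min_strength: int) -> bool:
    """The bid-down Doug warns about: an attacker who can forge the weak
    algorithm presents only a weak signature that passes the math. If the
    verifier's bar still accepts that algorithm, #11 lets it skip policy
    entirely, so a sender policy of 'I sign with rsa-sha256 only' is never
    consulted. Returns True when the forged message escapes the policy check."""
    forged = [SigResult("rsa-sha1", True)]
    return not must_invoke_policy_two_state(forged, min_strength)


if __name__ == "__main__":
    for name, sigs in [("unsigned", UNSIGNED), ("strong", STRONG_ONLY),
                       ("weak", WEAK_ONLY), ("broken strong", BROKEN_STRONG)]:
        print(f"{name:14s} class={classify(sigs, 2):6s} "
              f"policy? two-state={must_invoke_policy_two_state(sigs, 2)} "
              f"three-state={must_invoke_policy_three_state(sigs, 2)}")
    print("lenient verifier (accepts rsa-sha1) skips policy on forged weak sig:",
          bid_down_skips_policy(1))
    print("strict verifier (requires rsa-sha256) skips policy on forged weak sig:",
          bid_down_skips_policy(2))
```

The two readings only diverge while the verifier's bar still admits the weak algorithm; raising `min_strength` is the local decision Jim describes, and the `bid_down_skips_policy` case is what Doug's objection turns on: until the bar is raised, a weak signature that verifies is enough to bypass the policy lookup under #11.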
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html