On Jan 19, 2007, at 1:35 PM, Paul Hoffman wrote:

At 9:59 AM -0800 1/19/07, Douglas Otis wrote:
On Jan 19, 2007, at 3:57 AM, Stephen Farrell wrote:
6. Verifier Actions
...
Since a signer MAY remove or revoke a public key at any time, it is recommended that verification occur in a timely manner. In many configurations, the most timely place is during acceptance by the border MTA or shortly thereafter. [In particular, deferring verification until the message is accessed by the end user is discouraged.]

This precaution should be removed!!

I disagree with Doug and agree with the wording in the current document.

Paul,

Would you explain the reasoning for discouraging verification at the MUA?

When annotations are applied by the MUA based upon email-addresses trusted by the recipient (which is how recipients might achieve look-alike spoofing protections at no cost), then verification should take place at the MUA and not at the MDA. While DAC listed signing-domains might provide a category of annotation that can be applied at the MTA, there are many cases where third-party assurance is not required for protection to be realized. Discouraging verification at the MUA seems aimed at only permitting third-party assurances as a means for annotating messages. : (

What prevents public keys from remaining available for a reasonable period to accommodate MUA use? What annotation criteria can be safely applied at the MDA? How can verification results be safely communicated to the MUA for email-address specific annotation?

-Doug

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
