On Sat, 2007-01-20 at 03:07 +0000, John Levine wrote:
> >>6. Verifier Actions
> >>
> >> Since a signer MAY remove or revoke a public key at any time, it is
> >> recommended that verification occur in a timely manner. In many
> >> configurations, the most timely place is during acceptance by the
> >> border MTA or shortly thereafter. [In particular, deferring
> >> verification until the message is accessed by the end user is
> >> discouraged.]
> >>
> >>This precaution should be removed!!
> >
> >I disagree with Doug and agree with the wording in the current document.
>
> I'm with Paul, I do not want to reopen the arguments about how long a
> verification key should or shouldn't be around.

Why strengthen a bad statement that attempts to declare DKIM is to be done only at the MTA? How can DKIM's protection be extended to the MUA? The concept that policy will block look-alike attacks at the MTA is highly flawed, and even more so once EAI becomes commonly used.

DKIM is _designed_ to be invisible. DKIM's protection requires annotation be added. The most secure place to add this annotation is at the _MUA_. How can an MTA know which email-addresses a recipient trusts? Checking the validity of every signature will leak information in the same manner as pulling in separate graphic images. A bad idea. Why should the DKIM WG insist upon making this mistake?

Marking messages at the MTA is afforded none of the protections provided by the DKIM signature. Why open such a security hole?

This added statement goes to the heart of the questionable thinking that surrounds sender policy protections. This is a conversation that should be carefully reviewed and well understood.

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
