On Oct 22, 2010, at 8:28 AM, Barry Leiba wrote:

> 1. How to handle a key record with empty "g=" and absent "v=" (section
> 6.1.2, list item 6).
> Proposed change: Remove "g=" altogether, along with all references to
> it. Surveys of what's out there show vanishingly few cases that use
> "g=" with any value other than "*" or empty, so this can be removed as
> an unused feature.

This seems like a good change.

> 2. Advice about wildcards in TXT records.
> Proposed change: Add a note in section 6.1.2 warning about the effect
> of wildcard TXT records on finding DKIM key records.

Reasonable.

> 3. The issue of multiple occurrences of header fields that may only occur
> once.
> Proposed change: Add text to section 5.3 recommending that verifiers
> check that the message complies with specs, and that they not validate
> a non-compliant message.

I'd object fairly strongly to this, for several reasons.

A DKIM verifier shouldn't be doing anything other than the cryptography needed to confirm the signature.

Also, there's a lot of non-5322 compliant mail out there that's perfectly harmless and wanted. There's also a lot of unwanted or harmful mail out there that violates 5322. DKIM signatures allow receivers to track reputation and distinguish between those two groups. Crippling DKIM so that it can't be used to identify the sender for these categories of email seems perverse.

> Add a new section 8.14 to the Security
> Considerations, explaining the attacks that can be done using this
> exposure.

This seems like a good thing to add.

Cheers,
Steve

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
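As an illustration of item 3 in the thread, and not part of the original message or of any DKIM implementation, the following Python example shows a receiver-side check that reports header fields RFC 5322 section 3.6 limits to one occurrence but that appear more than once, and how many of those instances the first DKIM-Signature's "h=" tag covers. The function names and the sample message are constructed for this example; the check runs separately from signature verification.

```python
from collections import Counter
from email import message_from_bytes
from email.policy import compat32

# Header fields that RFC 5322 section 3.6 allows at most once per message.
SINGLETON_FIELDS = frozenset({
    "date", "from", "sender", "reply-to", "to", "cc", "bcc",
    "message-id", "in-reply-to", "references", "subject",
})

def signed_field_counts(sig_value: str) -> Counter:
    """Count how often each field name is listed in the h= tag of a
    DKIM-Signature value; each listing covers one instance of that field."""
    for tag in sig_value.split(";"):
        name, _, value = tag.partition("=")
        if name.strip() == "h":
            return Counter(f.strip().lower() for f in value.split(":") if f.strip())
    return Counter()

def audit(raw: bytes) -> dict[str, tuple[int, int]]:
    """Map each duplicated singleton field to
    (instances present, instances covered by the first DKIM-Signature)."""
    msg = message_from_bytes(raw, policy=compat32)  # compat32 keeps duplicates
    present = Counter(name.lower() for name in msg.keys())
    signed = signed_field_counts(str(msg.get("DKIM-Signature", "")))
    return {
        name: (count, min(count, signed[name]))
        for name, count in present.items()
        if name in SINGLETON_FIELDS and count > 1
    }

# Constructed sample: two From fields, only one of them listed in h=.
SAMPLE = (
    b"From: First <first@example.net>\r\n"
    b"DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\r\n"
    b" h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    b"From: Second <second@example.com>\r\n"
    b"To: rcpt@example.org\r\n"
    b"Subject: constructed sample\r\n"
    b"Date: Fri, 22 Oct 2010 08:28:00 -0700\r\n"
    b"\r\n"
    b"body\r\n"
)

if __name__ == "__main__":
    for field, (seen, covered) in audit(SAMPLE).items():
        print(f"{field}: {seen} instances, {covered} covered by h=")
```

A receiver can feed the result into its own policy or reputation handling without changing what the DKIM verifier itself returns.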
