Re: Review of: draft-otis-dkim-harmful

2013-06-17 Thread Douglas Otis
On Jun 4, 2013, at 7:16 PM, Sam Hartman hartmans-i...@mit.edu wrote: So, I'd like to encourage Doug to refine his work, fix errors of precision, but to say I think this is worth writing down. Dear Sam, Thank you for your interest. I have updated the draft and, as requested by Dave

Re: Review of: draft-otis-dkim-harmful

2013-06-10 Thread Murray S. Kucherawy
On Sun, Jun 9, 2013 at 10:42 AM, Douglas Otis doug.mtv...@gmail.com wrote: Procedurally speaking, what path do you anticipate your draft following? To require messages with invalidly repeated header fields to not return a pass for DKIM signature validation. That's a technical response.

Re: Review of: draft-otis-dkim-harmful

2013-06-09 Thread Douglas Otis
On Jun 4, 2013, at 9:13 AM, Murray S. Kucherawy m...@blackops.org wrote: On Tue, Jun 4, 2013 at 4:08 AM, Douglas Otis doug.mtv...@gmail.com wrote: In its current form, DKIM simply attaches a domain name in an unseen message fragment, not a message. The ease in which the only assured

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Dave Crocker
The problems with this draft persist... Organizations such as M3AAWG hope to use DKIM will be able as a required acceptance requirement to offer better ensure a domain identity to provide offers a I happen to be sitting in a M3AAWG meeting as I write this note and it happens that I

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Douglas Otis
Dear Dave, On Jun 4, 2013, at 11:44 AM, Dave Crocker d...@dcrocker.net wrote: The problems with this draft persist... Organizations such as M3AAWG hope to use DKIM will be able as a required acceptance requirement to offer better ensure a domain identity to provide offers a I happen

Review of: draft-otis-dkim-harmful

2013-06-04 Thread Barry Leiba
The draft continues to make broad, onerous claims like this, but provides no documentation to indicate that the DKIM signing specification is flawed in the function it is performing: attaching a validated domain name to a message. DKIM does not, in its current form, attach a validated

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Dave Crocker
On 6/4/2013 1:08 PM, Douglas Otis wrote: Dear Dave, On Jun 4, 2013, at 11:44 AM, Dave Crocker d...@dcrocker.net wrote: I happen to be sitting in a M3AAWG meeting as I write this note and it happens that I just came out of a session in which someone tried to assert the use of DKIM (or SPF) as a

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Douglas Otis
On Jun 4, 2013, at 3:08 PM, Barry Leiba barryle...@computer.org wrote: The draft continues to make broad, onerous claims like this, but provides no documentation to indicate that the DKIM signing specification is flawed in the function it is performing: attaching a validated domain name

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Barry Leiba
Of course it is incorrect for a DKIM signature to be valid when a message has multiple From header fields. DKIM requires AT LEAST the From header field to be the minimal portion of the message signed. Every other part of the message is optional. In retrospect, I think that requirement was

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Dave Crocker
On 6/4/2013 4:51 PM, Douglas Otis wrote: Of course it is incorrect for a DKIM signature to be valid when a message has multiple From header fields. You lost that debate in the working group. Multiple times. Saying of course at the beginning of your claim does not make you win the argument.

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Murray S. Kucherawy
On Tue, Jun 4, 2013 at 6:48 AM, Dave Crocker d...@dcrocker.net wrote: Simply publishing this draft appears to have already increased the level of multiple FROM header field abuse seen where it is now at 21% of signed DKIM messages. Sounds pretty scary. No doubt the assertion is publicly

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Murray S. Kucherawy
On Tue, Jun 4, 2013 at 4:08 AM, Douglas Otis doug.mtv...@gmail.com wrote: In its current form, DKIM simply attaches a domain name in an unseen message fragment, not a message. The ease in which the only assured visible fragment of the message signed by the domain being forged makes it

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Sam Hartman
I'm jumping into this particular branch of the conversation late. I've followed Doug's concerns against DKIM somewhat over the years. It seems fairly clear that Doug has a long-standing concern regarding DKIM and how it interacts with e-mail. It seems fairly clear he's in the rough within the

Re: Review of: draft-otis-dkim-harmful

2013-05-14 Thread Douglas Otis
On May 12, 2013, at 9:59 PM, Dave Crocker d...@dcrocker.net wrote: Dear Dave, Thank you for your thoughtful review, it was most helpful. I have updated the draft in hopes of adding greater clarity and to address your concerns. The new information not available to the WG at the time is how

Review of: draft-otis-dkim-harmful

2013-05-12 Thread Dave Crocker
Review of: DKIM is Harmful as Specified I-D: draft-otis-dkim-harmful-00 Reviewed by: D. Crocker Review Date: 12 May 2013 Summary: DKIM is in wide use for email operations today; it is currently at Draft Standard and has been submitted for elevation to full Internet