On 8/10/17 10:46 AM, Viktor Dukhovni wrote:
> On Thu, Aug 10, 2017 at 10:02:41AM -0700, Daniel Margolis wrote:
>
>> If anyone else has read this far on the thread, I'm happy to get feedback
>> on this proposal from others on the list.
> Yes, please!
>

I have been following the discussion, although not in as much detail as the two of you.

One small adjustment: When removing the policy, after removing the TXT record, you should probably wait the former record's TTL before removing the "none" policy because the TXT record could be cached elsewhere, even if it looks like it's gone when you ask for it.

At a higher level: I agree that including a procedure for policy removal is an essential part of the specification. But we also have to make sure that that procedure doesn't present an opportunity for an attacker to downgrade the policy associated with a recipient domain. I *think* this satisfies this requirement but I'm not completely sure.

-Jim

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta