On 8/10/17 10:46 AM, Viktor Dukhovni wrote:
> On Thu, Aug 10, 2017 at 10:02:41AM -0700, Daniel Margolis wrote:
>> If anyone else has read this far on the thread, I'm happy to get feedback
>> on this proposal from others on the list.
> Yes, please!
I have been following the discussion, although not in as much detail as
the two of you.

One small adjustment: When removing the policy, after removing the TXT
record, you should probably wait the former record's TTL before removing
the "none" policy because the TXT record could be cached elsewhere, even
if it looks like it's gone when you ask for it.

At a higher level: I agree that including a procedure policy removal is
an essential part of the specification. But we also have to make sure
that that procedure doesn't present an opportunity for an attacker to
downgrade the policy associated with a recipient domain. I *think* this
satisfies this requirement but I'm not completely sure.


Uta mailing list

Reply via email to