Return-Path: X-Original-To: dcrup@ietfa.amsl.com Delivered-To: dcrup@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8029131AE4 for ; Tue, 13 Jun 2017 18:37:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jhqoouuVU35A for ; Tue, 13 Jun 2017 18:37:12 -0700 (PDT) Received: from mail-ua0-x236.google.com (mail-ua0-x236.google.com [IPv6:2607:f8b0:400c:c08::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D76F12947F for ; Tue, 13 Jun 2017 18:37:12 -0700 (PDT) Received: by mail-ua0-x236.google.com with SMTP id q15so86177445uaa.2 for ; Tue, 13 Jun 2017 18:37:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=j1e4IFcEBlykdEBNHT+fL+JxqJGLXDt4JBWngnQ8GRc=; b=lC8CpwmvztqOszJCQQQaudZhluk4B18JYFrb74OJgpsgTAU0HB7/aiwsg6R6BZ1/Sm XzkK3UwMbeL7UqlK4oMn1F8Rj8J08lRw0SVBArQVCTNwgo2YWUkG26EcicbwElK8/DUh nxoZ4f2LFnKTtchj/TuHAHVO4w4d29F1TwQh2XPLcnz1zjnAytcaz1XOc9IWHUjwCAqQ BvOt/sClmmp8vN70HZrJ0m17qgCOqeHGnjyxNhliQ425LJVzhtOXtOZR5You+DwEtReH Ajus2vMScWPjQEgX1L8OkT1UEjFMpB1ldc8FR/cIbQB/Ms36WhqmNVV3a5WCxy3bGh13 GCJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=j1e4IFcEBlykdEBNHT+fL+JxqJGLXDt4JBWngnQ8GRc=; b=pFClRQXRBuZbs/vwVN2ysVMgEBEMXDhw9NxzSGW7/8H4wVFN+vRMZcNfMHbWP+BHh2 ID7d9hRfjdJRi3wXuk7v7i9e5H0eGH2cJ4wWHbbjBto4ggat4U18WUeUz6ByyCBHOZQh nEHW4q/j2HVBSmKLAy08MPSx9SF2gHOY/Ki8FvSQIh/fKIjrZMywijh9SmBt1E/dL2yQ 8oy253Th2tcySZ/5QsmkoLyhCkhcxqLPIO/hvzGJSE8Q8MhKXHdVY60jrMaCuGEhFO20 t5vdvK/YwV4dVLjm34e7UFoddH41Xy3Qk/hdTTd6v/wfQaWjG5FxTbQeDqAnCElfMYNM jdqg== X-Gm-Message-State: AKS2vOwgbbrC+t4qaXsAu0HM2R8c8hhJUyupKUDtAXKmfS4tClWbdVa0 +sCDo4WBRlzLw5/LUmFOg8kcrq5P78sR X-Received: by 10.176.0.248 with SMTP id 111mr3798228uaj.133.1497404231162; Tue, 13 Jun 2017 18:37:11 -0700 (PDT) MIME-Version: 1.0 Received: by 10.103.126.6 with HTTP; Tue, 13 Jun 2017 18:37:10 -0700 (PDT) In-Reply-To: References: <149690083334.25644.8501543904193079634@ietfa.amsl.com> <17424575.60yUzU31nn@kitterma-e6430> From: "Murray S. Kucherawy" Date: Tue, 13 Jun 2017 18:37:10 -0700 Message-ID: To: Jim Fenton Cc: dcrup@ietf.org Content-Type: multipart/alternative; boundary="001a113ac2d448d0960551e197b4" Archived-At: Subject: Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usage-02.txt X-BeenThere: dcrup@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: DKIM Crypto Update List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jun 2017 01:37:14 -0000 --001a113ac2d448d0960551e197b4 Content-Type: text/plain; charset="UTF-8" On Tue, Jun 13, 2017 at 7:30 AM, Jim Fenton wrote: > But "verifiers ignore signatures" doesn't seem like very good normative > language. Are they required to (MUST) or is it a strong (SHOULD) or weaker > (MAY) suggestion? > Get Pete Resnick in here! You don't need any of those things. "Verifiers ignore SHA1 signatures" means that's what they do if they comply with this update. Sticking a MUST in there doesn't change anything; anyone that wants to comply will, and anyone who has no idea about any of this won't. Alternatively, we could load this up with a sentence or two describing why it's a grand idea to ignore such signatures. -MSK --001a113ac2d448d0960551e197b4 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Tue, Jun 13, 2017 at 7:30 AM, Jim Fenton <fenton@= bluepopcorn.net> wrote:
=20 =20 =20
But &qu= ot;verifiers ignore signatures" doesn't seem like very good normative language. Are they required to (MUST) or is it a strong (SHOULD) or weaker (MAY) suggestion?

Get Pete Resnick in here!

You don't need any = of those things.=C2=A0 "Verifiers ignore SHA1 signatures" means t= hat's what they do if they comply with this update.=C2=A0 Sticking a MU= ST in there doesn't change anything; anyone that wants to comply will, = and anyone who has no idea about any of this won't.

Alternativel= y, we could load this up with a sentence or two describing why it's a g= rand idea to ignore such signatures.

-MSK
=
--001a113ac2d448d0960551e197b4--