[ietf-dkim] Comments on draft-ietf-dkim-rfc4871bis-02
SM <sm@resistor.net> Tue, 19 October 2010 21:22 UTC
Return-Path: <ietf-dkim-bounces@mipassoc.org>
X-Original-To: ietfarch-ietf-dkim-archive@core3.amsl.com
Delivered-To: ietfarch-ietf-dkim-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4906B3A694C for <ietfarch-ietf-dkim-archive@core3.amsl.com>; Tue, 19 Oct 2010 14:22:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.104
X-Spam-Level:
X-Spam-Status: No, score=-105.104 tagged_above=-999 required=5 tests=[AWL=1.495, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qHA9S8oQ0fxo for <ietfarch-ietf-dkim-archive@core3.amsl.com>; Tue, 19 Oct 2010 14:21:58 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by core3.amsl.com (Postfix) with ESMTP id 286DE3A67B8 for <ietf-dkim-archive@ietf.org>; Tue, 19 Oct 2010 14:21:58 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [127.0.0.1]) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id o9JLK9Y9030948; Tue, 19 Oct 2010 14:20:15 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=mipassoc.org; s=k00001; t=1287523216; bh=s2m1TwOTLY8OcHZzhrKhIS7Exy4=; h=Message-Id:Date:To: From:Mime-Version:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:Content-Type: Content-Transfer-Encoding:Sender; b=F7DnZP++MDlv77Zib1RfGTfkWZewqV Mnc0s/MFkEvR8x4xd96s7HM5ItL4eCAa/Xq/5HcMOwSGkm3wRPjm9SKrCF6b1Tg1cGU lxU9EpUsgO9G+EkMrq0w/CdGI23GV4cuQ2f/4NnnA7oi3qTu6/JwFy3T2Rrr3oebUOH xUCfVVM=
Received: from ns1.qubic.net (ns1.qubic.net [208.69.177.116]) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id o9JLK3M8030919 for <ietf-dkim@mipassoc.org>; Tue, 19 Oct 2010 14:20:08 -0700
Authentication-Results: sbh17.songbird.com; dkim=pass (1024-bit key) header.i=@resistor.net
Received: from SUBMAN.resistor.net ([10.0.0.1]) (authenticated bits=0) by ns1.qubic.net (8.14.5.Alpha0/8.14.5.Alpha0) with ESMTP id o9JLJVJP008089 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-dkim@mipassoc.org>; Tue, 19 Oct 2010 14:19:54 -0700 (PDT)
Message-Id: <6.2.5.6.2.20101019121022.0bfa1898@elandnews.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Tue, 19 Oct 2010 14:18:44 -0700
To: ietf-dkim@mipassoc.org
From: SM <sm@resistor.net>
Mime-Version: 1.0
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.0 (sbh17.songbird.com [127.0.0.1]); Tue, 19 Oct 2010 14:20:16 -0700 (PDT)
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.70]); Tue, 19 Oct 2010 14:20:08 -0700 (PDT)
Subject: [ietf-dkim] Comments on draft-ietf-dkim-rfc4871bis-02
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-dkim-bounces@mipassoc.org
Errors-To: ietf-dkim-bounces@mipassoc.org
Hello, I commented on draft-ietf-dkim-rfc4871bis-01 previously ( http://mipassoc.org/pipermail/ietf-dkim/2010q4/014696.html ). draft-ietf-dkim-rfc4871bis-02 obsoletes RFC 4871. RFC 5672 updates RFC 4871. Why is the "RFC 4871 DomainKeys Identified Mail (DKIM) Signatures -- Update" document not being obsoleted by this document? In the Introduction Section: "DomainKeys Identified Mail (DKIM) permits a person, role, or organization that owns the signing domain to claim some responsibility for a message by associating the domain with the message." Dave proposed a change to add a RFC 1034 reference in that sentence. DomainKeys Identified Mail (DKIM) permits a person, role, or organization that owns the signing domain to claim some responsibility for a message [RFC5322] by associating the domain name [RFC1034] with the message. I suggest adding a reference to RFC 5322 in there to make it clear what "message" is. As I mentioned previously, in Section 3.3: "In general, sha256 should always be used whenever possible." That text was in RFC 4871 too as part of the informative note. Could it be removed to avoid any dilution of the SHOULD in the "Signers MUST implement and SHOULD sign using rsa-sha256" sentence? In Section 3.3.3: "The practical constraint that large (e.g., 4096 bit) keys may not fit within a 512-byte DNS UDP response packet" Could a normative reference to RFC 1035 be added in that sentence? The practical constraint that large (e.g., 4096 bit) keys may not fit within a 512-byte DNS UDP response packet [RFC1035] I'll mention it again; in Section 3.5 for the d= tag: "Internationalized domain names MUST be encoded as described in [RFC3490]." And i= tag: "Internationalized domain names MUST be converted using the steps listed in Section 4 of [RFC3490] using the "ToASCII" function." Is there a reason why this working group requires that a document with an intended status of "Draft Standard" should have a normative reference to a RFC that has been obsoleted? In Section 5.3: "Similarly, a message that is not compliant with RFC5322, RFC2045 correct or interpret such content." I do not understand that sentence. "Therefore, a verifier SHOULD NOT validate a message that is not conformant." That sounds like good advice. According to draft-ietf-dkim-implementation-report-03, the interoperability and testing event was held in 2007. Was the above requirement tested during that event? If this working group wants to add such a requirement, I suggest setting the intended status of draft-ietf-dkim-rfc4871bis to "Proposed Standard". In Section 5.5: "Verifiers MUST be capable of verifying signatures even if one or more of the recommended header fields is not signed (with the exception of From, which must always be signed)" Is the last "must" a requirement? draft-ietf-dkim-rfc4871bis has an informative reference to RFC 5451. I note that the draft uses the "X-Authentication-Results" header field line. Regards, -sm _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
- Re: [ietf-dkim] Commments and clarifications to 4… Scott Kitterman
- [ietf-dkim] Comments on draft-ietf-dkim-rfc4871bi… SM
- Re: [ietf-dkim] Commments and clarifications to 4… Murray S. Kucherawy
- Re: [ietf-dkim] IDNA Barry Leiba
- Re: [ietf-dkim] Commments and clarifications to 4… John Levine
- Re: [ietf-dkim] Comments on draft-ietf-dkim-rfc48… Murray S. Kucherawy
- Re: [ietf-dkim] Comments on draft-ietf-dkim-rfc48… John R. Levine
- Re: [ietf-dkim] Comments on draft-ietf-dkim-rfc48… Dave CROCKER
- Re: [ietf-dkim] Comments on draft-ietf-dkim-rfc48… Dave CROCKER
- Re: [ietf-dkim] Comments on draft-ietf-dkim-rfc48… John R. Levine
- Re: [ietf-dkim] Comments on draft-ietf-dkim-rfc48… SM
- [ietf-dkim] Commments and clarifications to 4871b… John R. Levine
- Re: [ietf-dkim] Comments on draft-ietf-dkim-rfc48… Dave CROCKER
- Re: [ietf-dkim] IDNA John R. Levine
- Re: [ietf-dkim] Comments on draft-ietf-dkim-rfc48… Murray S. Kucherawy
- Re: [ietf-dkim] Comments on draft-ietf-dkim-rfc48… SM
- Re: [ietf-dkim] Commments and clarifications to 4… SM
- Re: [ietf-dkim] Comments on draft-ietf-dkim-rfc48… SM
- [ietf-dkim] double headers, running code dep't John R. Levine
- Re: [ietf-dkim] Comments on draft-ietf-dkim-rfc48… Alessandro Vesely