Last Call Review of draft-kucherawy-authres-header-b-
review-kucherawy-authres-header-b-secdir-lc-farrell-2010-06-10-00

Request Review of draft-kucherawy-authres-header-b
Requested rev. no specific revision (document currently at 04)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2010-06-15
Requested 2010-05-04
Authors Murray Kucherawy
Draft last updated 2010-06-10
Completed reviews Secdir Last Call review of -?? by Stephen Farrell
Assignment Reviewer Stephen Farrell 
State Completed
Review review-kucherawy-authres-header-b-secdir-lc-farrell-2010-06-10
Review completed: 2010-06-10

Review
review-kucherawy-authres-header-b-secdir-lc-farrell-2010-06-10

Nice little document. (Which is much better than a nice
big document:-)

I see no substantive security issues here.

Two nits below. I've no real problem if they're ignored.

Stephen.

1. What if someone defines a MACing scheme for DKIM with
   a teensy-weensy MAC? There might be no way to get 8
   characters then. Suggest allowing the full authenticator
   in that case if its <8 bytes long. Very unlikely but
   maybe worth a sentence.

2. Apppendix A says:

  "Presumably due to a change in one of the five header fields covered
   by the two signatures, the former signature failed to verify while
   the latter passed."

   I think that could only happen if they use different c14n, if
   so maybe say so. Or could be better to say the results may
   differ due for key mgmt reasons (e.g. an inaccessible public key)
   or because the signature values have been corrupted. Reason to
   prefer those is that they're more likely. (Or am I missing
   something?)