
Re: New Version Notification for draft-kucherawy-mta-malformed-00

2010-12-01 10:18:56


Once it becomes a subjective design with indeterminate states, the game is over. But then again, that is probably what this draft is looking for - narrowing down some of the subjective designs because maybe they are not subjective and can fall under a non-compliancy status.

IMV, not much will be done (expend resources, time and money to change software) unless there are security related issues. The multi-from issue and how it related to DKIM is one of them. This particular discovery should be shared for the rest of the non-dkim world to mitigate.


Hector Santos

Douglas Otis wrote:

> On 11/30/10 11:55 AM, Murray S. Kucherawy wrote:
>> On Tuesday, November 30, 2010 11:11 AM, Douglas Otis wrote:
>>>
>>> DKIM should be repaired to ensure deceptive malformed header fields do
>>> not verify as having valid DKIM signatures to prevent the exploits, such
>>> as having multiple singleton header fields invalidate signatures.  DKIM
>>> should have included checks necessary to disqualify messages likely
>>> crafted by malefactors.  These checks may need to grow over time.  The
>>> impact of adding checks to DKIM's verification process will not justify
>>> new mandates for making message repairs or rejections by SMTP or MUAs.
>>
>> I think this is completely off-topic for the work being discussed here, Doug. The discussion has to do with what MTAs, and perhaps MUAs if that's appropriate, should do with common malformations independent of things like DKIM.
>
> Any deviations from standards normally used by malefactors to deceive recipients should be rejected! Unfortunately this draft suggests:
>
> 1) Ignore
> 2) Repair
> 3) Reject
>
> Ignoring and repairing remain problematic. IMHO, repair will never be required for SMTP or MUA level compliance. Without format compliance being part of trust related verifications, systems claiming enhanced levels of trust will not be trustworthy. Since SMTP does not mandate that non-compliance be rejected, the only reasonable strategy is to ensure mechanisms such as DKIM make no exploitable assertions when confronting malformed messages.
>
> I see this draft as a dubious attempt to suggest SMTP or MUAs should be expected to defend enhanced levels of trust based upon mechanisms such as DKIM. This is inherently wrong, as this will result in indeterminate message status and untrustworthy systems.
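The duplicated-singleton ("multi-From") case the thread keeps returning to, as an added example that is not code from the draft, from any MTA, or from any of the posters: it parses a raw header block, flags singleton fields (RFC 5322 section 3.6) that occur more than once, compares field counts against a DKIM-Signature h= list to find instances the signature does not cover (RFC 6376 section 5.4.2 consumes one instance per listed name, bottom-up), and then applies the ignore/repair/reject choice the draft offers. The sample message, the example.com/example.org names and the "keep the bottom-most instance" repair rule are assumptions made for illustration.

```python
"""Detect duplicated singleton header fields and apply one of the three
handling strategies named in the thread: ignore, repair or reject.
Example code added to illustrate the discussion; not part of the draft or of
any MTA. The sample message below is constructed."""
import re
from collections import Counter

# Header fields that RFC 5322 section 3.6 limits to at most one per message.
SINGLETON_FIELDS = {
    "from", "sender", "reply-to", "to", "cc", "bcc", "message-id",
    "in-reply-to", "references", "subject", "date",
}

# Constructed sample: a second From field sits above the signature, so the
# DKIM h= list (a single "from") covers only the lower, original instance.
SAMPLE = (
    "From: Accounts <accounts@example.org>\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\r\n"
    "\th=from:to:subject:date; bh=CONSTRUCTED; b=CONSTRUCTED\r\n"
    "From: Alice <alice@example.com>\r\n"
    "To: bob@example.net\r\n"
    "Subject: invoice\r\n"
    "Date: Wed, 01 Dec 2010 10:18:56 -0500\r\n"
    "\r\n"
    "body\r\n"
)


def parse_header_block(raw):
    """Return (lowercased name, unfolded value) pairs in message order; stop at
    the blank line that separates the header block from the body."""
    fields = []
    for line in raw.replace("\r\n", "\n").split("\n"):
        if line == "":
            break
        if line[0] in " \t":  # folded continuation of the previous field
            if not fields:
                raise ValueError("continuation line before any header field")
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        fields.append((name.strip().lower(), value.strip()))
    return fields


def duplicated_singletons(fields):
    """Singleton fields present more than once, with their counts."""
    counts = Counter(name for name, _ in fields)
    return {n: c for n, c in counts.items() if n in SINGLETON_FIELDS and c > 1}


def dkim_h_tag(fields):
    """Return the h= list of the first DKIM-Signature field, or None."""
    for name, value in fields:
        if name == "dkim-signature":
            m = re.search(r"(?:^|;)\s*h=([^;]*)", value)
            return m.group(1).strip() if m else None
    return None


def unsigned_instances(fields, h_tag):
    """Each name in h= covers one instance of that field, taken bottom-up
    (RFC 6376 section 5.4.2); instances beyond that count are not signed.
    Return {field: number of unsigned instances}."""
    signed = Counter(n.strip().lower() for n in h_tag.split(":") if n.strip())
    present = Counter(name for name, _ in fields if name != "dkim-signature")
    return {n: present[n] - signed[n] for n in present if present[n] > signed[n]}


def classify(raw, policy="reject"):
    """Apply the chosen strategy. Returns (verdict, findings, fields)."""
    fields = parse_header_block(raw)
    findings = {"duplicated": duplicated_singletons(fields)}
    h_tag = dkim_h_tag(fields)
    findings["unsigned"] = unsigned_instances(fields, h_tag) if h_tag else {}
    if not findings["duplicated"] and not findings["unsigned"]:
        return "accept", findings, fields
    if policy == "ignore":
        return "ignore", findings, fields
    if policy == "repair":
        # Assumed repair rule: keep the bottom-most instance of each duplicated
        # singleton (the one a DKIM signer would have covered), drop the rest.
        kept, seen = [], set()
        for name, value in reversed(fields):
            if name in findings["duplicated"]:
                if name in seen:
                    continue
                seen.add(name)
            kept.append((name, value))
        kept.reverse()
        return "repair", findings, kept
    return "reject", findings, fields


if __name__ == "__main__":
    for policy in ("ignore", "repair", "reject"):
        verdict, findings, fields = classify(SAMPLE, policy)
        print(policy, "->", verdict, findings,
              [v for n, v in fields if n == "from"])
```

Under "ignore" the message passes through with the unsigned upper From intact, which is the indeterminate state the quoted reply objects to; "repair" has to pick one instance and the choice is a policy decision, not something the standards decide for you; "reject" is the only verdict that needs no such guess. The `unsigned` finding is the one a DKIM verifier can compute on its own, without any MTA-level repair.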

