+1
Once it becomes a subjective design with indeterminate states, the
game is over. But then again, that is probably what this draft is
looking for - narrowing down some of the subjective designs because
maybe they are not subjective and can fall under a non-compliancy status.
IMV, not much will be done (expend resources, time and money to change
software) unless there are security related issues. The multi-from
issue and how it related to DKIM is one of them. This particular
discovery should be shared for the rest of the non-dkim world to mitigate.
--
Sincerely
Hector Santos
http://www.santronics.com
Douglas Otis wrote:
On 11/30/10 11:55 AM, Murray S. Kucherawy wrote:
On Tuesday, November 30, 2010 11:11 AM, Douglas Otis wrote:
DKIM should be repaired to ensure deceptive malformed header fields do
not verify as having valid DKIM signatures to prevent the exploits, such
as having multiple singleton header fields invalidate signatures. DKIM
should have included checks necessary to disqualify messages likely
crafted by malefactors. These checks may need to grow over time. The
impact of adding checks to DKIM's verification process will not justify
new mandates for making message repairs or rejections by SMTP or MUAs.
[...]
I think this is completely off-topic for the work being discussed
here, Doug. The discussion has to do with what MTAs, and perhaps MUAs
if that's appropriate, should do with common malformations independent
of things like DKIM.
Murray,
Any deviations from standards normally used by malefactors to deceive
recipients should be rejected! Unfortunately this draft suggests:
1) Ignore
2) Repair
3) Reject
Ignoring and repairing remains problematic. IMHO, repair will never be
required for SMTP or MUA level compliance. Without format compliance
being part of trust related verifications, systems claiming enhanced
levels of trust will not be trustworthy. Since SMTP does not mandate
non-compliance be rejected, the only reasonable strategy is to ensure
mechanisms such as DKIM make no exploitable assertions when confronting
malformed messages.
I see this draft as a dubious attempt to suggest SMTP or MUAs should be
expected to defend enhanced levels of trust based upon mechanisms such
as DKIM. This is inherently wrong, as this will result in indeterminate
message status and untrustworthy systems.
-Doug
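A verifier-side pre-check of the kind argued for above, as an added example (not code from this thread or from any DKIM implementation): it refuses to report a valid signature when a singleton header field such as From: occurs twice, and shows which instances the h= tag leaves unsigned. The sample message and its placeholder signature values are constructed.

```python
import email
import re
from collections import Counter

# Header fields that RFC 5322 section 3.6 limits to at most one per message.
SINGLETON_FIELDS = frozenset({
    "date", "from", "sender", "reply-to", "to", "cc", "bcc",
    "message-id", "in-reply-to", "references", "subject",
})

# Constructed sample: the signer covered one From:, a second one was
# prepended afterwards.  Signature values are placeholders, not real.
SAMPLE = b"""From: attacker@example.net
DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel; h=from:to:subject:date;
 bh=PLACEHOLDER; b=PLACEHOLDER
From: alice@example.org
To: bob@example.com
Subject: hello
Date: Tue, 30 Nov 2010 11:11:00 -0800

body
"""

def header_counts(raw: bytes) -> Counter:
    """Count header fields by name (default compat32 policy keeps duplicates)."""
    return Counter(k.lower() for k in email.message_from_bytes(raw).keys())

def duplicated_singletons(raw: bytes) -> dict:
    """{field: count} for every singleton field that occurs more than once."""
    return {n: c for n, c in header_counts(raw).items()
            if n in SINGLETON_FIELDS and c > 1}

def unsigned_singletons(raw: bytes) -> dict:
    """{field: n} singleton instances the first DKIM-Signature's h= tag leaves
    uncovered.  DKIM binds one instance per listing in h=, bottom-up, so a
    field present more often than listed has an unsigned copy."""
    sig = email.message_from_bytes(raw).get("DKIM-Signature")
    m = re.search(r"(?:^|;)\s*h=([^;]*)", sig or "")
    signed = Counter(f.strip().lower() for f in m.group(1).split(":")) if m else Counter()
    counts = header_counts(raw)
    return {n: counts[n] - signed[n] for n in sorted(SINGLETON_FIELDS)
            if counts[n] > signed[n]}

def dkim_outcome(raw: bytes, signature_verifies: bool) -> str:
    """Result to report with the malformation pre-check run first: duplicated
    singleton fields never yield 'pass', whatever the crypto check said."""
    if duplicated_singletons(raw):
        return "fail"
    return "pass" if signature_verifies else "fail"
```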