ietf-dkim

Re: [ietf-dkim] Re: dkim service and mail lists

2005-10-19 14:52:56

On Wed, 19 Oct 2005, Michael Thomas wrote:

william(at)elan.net wrote:
On Wed, 19 Oct 2005, Michael Thomas wrote:

The only way to have the length specifier not be a security
vulnerability is to require all verifiers to strip all content that
exceeds the length.

Which is to say that today (eg, pre-DKIM), any inbound MTA ought to strip all content.
Correct?
I'm surprised to hear that from you. I thought it was well understood
that we were talking about this only being done when signature is
present (and has been verified) that includes length and that length
does not match the actual message.
Er, um, oh bother. The point being that currently mail is not signed
yet we somehow limp on without stripping "extra" content. There's
not much reason to believe that the transition to our future cannot still
allow for shades of gray for some period of time.

For filtering and reputation assessment maybe. But if you want to do
anti-spoofing protection for certain email identities, that is not ok.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
ietf-dkim mailing list
http://dkim.org
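As an added example, not code from this thread or from any DKIM implementation, the verifier behaviour the thread is arguing about in Python: a body hash computed with a body length count (the l= tag), and a verifier that strips everything beyond the signed length once the hash over the signed prefix matches, and leaves an unsigned body alone. The helper names, the "simple" body canonicalization, the SHA-256 hash and the sample body are assumptions of this example.

```python
import base64
import hashlib
from typing import Optional, Tuple


def canonicalize_simple_body(body: bytes) -> bytes:
    """'simple' body canonicalization: CRLF line endings, trailing empty
    lines removed, exactly one CRLF at the end."""
    body = body.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return body


def body_hash(canon: bytes, length: Optional[int]) -> str:
    """Base64 SHA-256 over the canonicalized body, or over its first
    `length` bytes when a body length count is present."""
    covered = canon if length is None else canon[:length]
    return base64.b64encode(hashlib.sha256(covered).digest()).decode()


def check_body(body: bytes, bh: str, length: Optional[int]) -> Tuple[bool, bytes]:
    """Return (hash_matches, body_to_deliver).

    With a body length count, only the first `length` bytes are signed;
    anything after them is unsigned and could have been appended in
    transit, so a verifier that passes the signature strips it. Without
    a length count the whole body is covered and nothing is stripped.
    A length count larger than the body is treated as a failure here
    (a conservative choice made by this example)."""
    canon = canonicalize_simple_body(body)
    if length is not None and length > len(canon):
        return False, canon
    if body_hash(canon, length) != bh:
        return False, canon
    if length is None:
        return True, canon
    return True, canon[:length]


# Constructed sample: the signer covered 7 bytes, then extra content
# was appended after signing.
SIGNED_BODY = b"Hello\r\n"
BODY_LENGTH = 7
SIGNED_BH = body_hash(canonicalize_simple_body(SIGNED_BODY), BODY_LENGTH)
APPENDED_BODY = SIGNED_BODY + b"Click here\r\n"
```

Running `check_body(APPENDED_BODY, SIGNED_BH, BODY_LENGTH)` reports a matching hash and returns only the signed prefix for delivery; the same body checked against a signature without l= fails outright.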