ietf-dkim

Re: [ietf-dkim] SSP security relies upon the visual domain appearance

2005-11-18 09:33:26


John Levine wrote:
>> The "From:" header should not be signed if it contains more than one sending address. ...
>>
>> Does anyone see such a statement as causing a problem?
>
> I see it as needless and futile micromanagement.

Pithy. Kind of a needless and futile sentence though:-)

> The point of a DKIM
> signature is that the signer is taking responsibility for the message.
> The only semantics that a DKIM signature has is "blame us if you don't
> like this message."  That's it.
>
> We don't know all of the reasons that a signer might legitimately want
> to sign multiple From: addresses, nor do we know all of the ways that
> a bad guy might try to trick someone into signing his message, with
> multiple From: addresses being rather low on that list.

That's fair enough.

> I could easily imagine an SSP-like system limiting itself to a subset
> of otherwise syntactically valid messages, e.g. only one address in
> the From: line, sender matches signer, or any of a host of other
> rules.  But for the basic DKIM, a signer can sign anything he's
> willing to, and please leave it at that.

Yes, that's what we're getting at.

So if, during the threat analysis, we identify some such
constraints that make life easier/better when combined with
some ssp options then we could consider standardising them,
or did you mean that any such constraints should be just up
to the individual implementer/signer?

Stephen.

_______________________________________________
ietf-dkim mailing list
http://dkim.org
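
The two constraints mentioned in the thread for a hypothetical SSP-like system (only one address in the From: line, sender matches signer) could be checked on a received message as in this added example, which is not from the thread or from any DKIM implementation. It assumes "sender" means the domain of the From: address, treats a subdomain of the `d=` signing domain as a match, uses constructed sample messages, and does not verify the signature cryptographically.

```python
from email import message_from_string
from email.utils import getaddresses

def dkim_tags(value):
    """Parse a DKIM-Signature header value into a tag -> value dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def check_constraints(raw):
    """Return the list of violated constraints (empty list: all hold)."""
    msg = message_from_string(raw)
    problems = []
    from_headers = msg.get_all("From", [])
    authors = [addr for _, addr in getaddresses(from_headers) if addr]
    # Constraint 1: exactly one From: header carrying exactly one address.
    if len(from_headers) != 1 or len(authors) != 1:
        problems.append("from-not-single-address")
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return problems + ["no-signature"]
    tags = dkim_tags(sig)
    signer = tags.get("d", "").lower()
    signed = [h.strip().lower() for h in tags.get("h", "").split(":")]
    if "from" not in signed:
        problems.append("from-not-signed")
    # Constraint 2 (assumed reading): every author domain equals d= or is below it.
    for addr in authors:
        domain = addr.rpartition("@")[2].lower()
        if domain != signer and not domain.endswith("." + signer):
            problems.append("author-domain-mismatch:" + domain)
    return problems

SINGLE = (  # constructed sample message, placeholder signature values
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\n"
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Alice <alice@example.com>\nTo: bob@example.net\nSubject: hi\n\nbody\n")
MULTI = SINGLE.replace("Alice <alice@example.com>",  # constructed variant
                       "alice@example.com, mallory@other.example")

if __name__ == "__main__":
    print(check_constraints(SINGLE))
    print(check_constraints(MULTI))
```

A verifier applying such rules would run them only after the signature itself has validated, since the header values are otherwise unauthenticated.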
