ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] authentication result headers are an unsafe alternative

2006-04-18 11:26:59
from [Douglas Otis] [Permanent Link] 

On Apr 18, 2006, at 10:42 AM, Scott Kitterman wrote:
From a protocol design perspective, I think the right answer is to design for the case where the receiving MTA/MDA will check the signature and record a result that, if appropriate, an MUA can use.
Depending upon an unsigned "results" header being added to the message is an unsafe practice.
It is not practical to determine who added the "results" header, whether the MDA strips/adds all prior results headers, and whether all possible backup and alternative paths also strip/adds all "results" headers. Retaining the integrity of the DKIM signature for a suitable period should permit message verification for transports that carry messages beyond the MDA. Message protection beyond SMTP is an important aspect of DKIM. Reliance upon a results header may produce many years of victims that DKIM intended to protect. 

Explain the motivation for not including DKIM protection beyond SMTP?

-Doug
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Expiration Tag (x=) is required to minimize DNSlookups., Steve Atkins
Next by Date:  Re: [ietf-dkim] authentication result headers are an unsafe alternative, Scott Kitterman
Previous by Thread:  Re: [ietf-dkim] x= lets senders expire responsibility, Scott Kitterman
Next by Thread:  Re: [ietf-dkim] authentication result headers are an unsafe alternative, Scott Kitterman
Indexes:  [Date] [Thread] [Top] [All Lists]