ietf-dkim

Re: [ietf-dkim] Re: from'less 2822 messages

2008-01-25 17:07:12
John Levine wrote:
Frank, you're (inadvertently?) bringing up exactly the kind of
corner cases that I was trying to raise so that SSP implementations
have the same behavior in their presence. It may be that all we
practically need to do is refer to 2822 and say that if the From:
field is missing, or if the header field body is missing, or if
the domain part of the address spec is missing or not a datom(??),
then the algorithm terminates and returns, oh say, "malformed" or
something like that.

Well, gee.  What if there are two From: lines?  Three From: lines?  A
From: line with two addresses but no Sender:?  A From: line with two
addresses, one of which has no @ sign?  A From: line with a couple of
embedded carriage returns?  The number of ways one can construct a
string of bytes that is not a 2822 message is limitless, and it's hard
to see any benefit in trying to enumerate them.  If it's not a 2822
message, SSP doesn't apply.

John, do you write code? The current draft is completely silent on this
issue. It doesn't even say "SSP doesn't apply". Exception conditions
are the classic places that different implementations do different things,
including treating them as "suspicious" in the current draft's parlance
which is almost certainly completely wrong. Nor do we have to fall
prey to the strawman that we'd have to enumerate an infinite list.

But no, [self-important hectoring elided]

Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
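
Added example, not code from the thread or from the SSP draft: a Python sketch of an early-exit check that gives one defined result for the From: corner cases raised in the messages above, so that implementations do not diverge on them. The function name, the return values, the sample messages and the reading of "datom" as the RFC 2822 dot-atom are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# RFC 2822 dot-atom: runs of atext joined by single dots (assumed meaning of "datom").
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
DOT_ATOM = re.compile(rf"{_ATEXT}(?:\.{_ATEXT})*")


def classify_from(raw):
    """Return ("ok", [domains]) or ("malformed", reason) for one raw message."""
    msg = message_from_string(raw)
    fields = msg.get_all("From", [])
    if not fields:
        return ("malformed", "no From: field")
    if len(fields) > 1:
        return ("malformed", "more than one From: field")
    body = str(fields[0]).strip()
    if not body:
        return ("malformed", "empty From: field body")
    addrs = [addr for _name, addr in getaddresses([body])]
    # RFC 2822 section 3.6.2: several mailboxes in From: require a Sender: field.
    if len(addrs) > 1 and msg.get("Sender") is None:
        return ("malformed", "several From: addresses but no Sender:")
    domains = []
    for addr in addrs:
        local, at, domain = addr.rpartition("@")
        if not (local and at and DOT_ATOM.fullmatch(domain)):
            return ("malformed", f"no dot-atom domain in {addr!r}")
        domains.append(domain.lower())
    if not domains:
        return ("malformed", "no address in From:")
    return ("ok", domains)


# Constructed sample messages, one per corner case raised in the thread.
SAMPLES = {
    "single address": "From: Alice <alice@example.com>\nSubject: t\n\nhi\n",
    "no From": "Subject: t\n\nhi\n",
    "two From lines": "From: a@example.com\nFrom: b@example.org\n\nhi\n",
    "empty From body": "From:\nSubject: t\n\nhi\n",
    "two addrs": "From: a@example.com, b@example.org\n\nhi\n",
    "no @ sign": "From: alice\nSubject: t\n\nhi\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:18} {classify_from(raw)}")
```

Whether a caller maps "malformed" to "SSP doesn't apply" or to something else is the policy question the thread is arguing about; the sketch only makes the outcome explicit and identical for every input of a given shape.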