On Tue, 27 May 2008 08:28:58 +0100, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
On May 26, 2008, at 3:18 AM, Charles Lindsey wrote:
On Sat, 24 May 2008 22:26:34 +0100, Douglas Otis <dotis(_at_)mail-abuse.org> wrote:
This draft also avoids restrictions on the DKIM identity
parameters, since the _only_ relevant issue is whether a message
should be signed by an Author Key Domain,...
WRONG! It MUST be signed by *every* Author Key Domain (in the event
there are several authors with different domains in the From header).
Review Section 2.4 definition of Author Key Domain and Section 2.5 the
definition of Author. The check does not depend upon an identity
parameter nor limit the check to single Author Domain.
http://www.ietf.org/internet-drafts/draft-otis-dkim-adsp-02.txt
It could be more productive to recommend what text in the draft should
change.
This WG has already agreed that, where multiple addresses exist in a From
header, they must ALL satisfy whatever ADSP checks we eventually agree on
(for otherwise there is an obvious loophole that every phisher will walk
through).
Agreed, multiple From addresses are rare (phishers walking through
loophole excepted).
Now if all the From addresses in that header are different local-parts @
the same domain, then there is only one Author Key domain, and no special
problem. But in the (even rarer) case where the From addresses are from
unrelated domains, then there is no alternative than to attach separate
signatures for each such domain (or at least those domains which publish
strict/locked/whatever ADSP).
If that is what your draft says, then fine. But it is NOT what your
message which I quoted said, and that is what I was complaining about.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
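
The rule argued for in the message above (every From address must satisfy the check, so unrelated author domains each need their own signature), as an added example that is not part of the original thread or of either draft. The policy table, the function names, the exact-match comparison between signing domain and author domain, and the choice to fail a From header with no parsable address are all assumptions of this sketch.

```python
from email.utils import getaddresses

# Constructed stand-in for DNS policy lookups (assumption): True means the
# domain publishes a policy saying all of its mail is signed.
STRICT_POLICY = {
    "bank.example": True,
    "shop.example": True,
    "list.example": False,
}


def author_domains(from_header):
    """Return the set of lowercased domains of every address in a From header."""
    domains = set()
    for _name, addr in getaddresses([from_header]):
        local, sep, domain = addr.rpartition("@")
        if sep and local and domain:
            domains.add(domain.lower())
    return domains


def unsigned_strict_domains(from_header, valid_signing_domains, policy=STRICT_POLICY):
    """List strict author domains that have no valid signature of their own.

    valid_signing_domains holds the d= values of signatures that already
    verified; signature verification itself is outside this sketch.
    """
    signed = {d.lower() for d in valid_signing_domains}
    return sorted(
        d for d in author_domains(from_header)
        if policy.get(d, False) and d not in signed
    )


def passes_author_check(from_header, valid_signing_domains, policy=STRICT_POLICY):
    """True only if ALL strict author domains are covered by a signature."""
    if not author_domains(from_header):
        # No parsable author address: fail rather than pass vacuously
        # (a choice made in this example, not taken from the thread).
        return False
    return not unsigned_strict_domains(from_header, valid_signing_domains, policy)


if __name__ == "__main__":
    # Constructed header: two unrelated strict domains, only one of them signed.
    hdr = "Alice <alice@bank.example>, Bob <bob@shop.example>"
    print(unsigned_strict_domains(hdr, {"bank.example"}))
    print(passes_author_check(hdr, {"bank.example", "shop.example"}))
```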