
Re: [ietf-dkim] DKIM does not claim content is correct

2009-01-28 09:16:47


Suresh Ramasubramanian wrote:
Doesn't have to sign *all* - but some key fields like an authenticator
and/or received headers that stamp Received: from (foo(_at_)localhost) say
...
Yes I know DKIM doesn't validate content .. grandma v/s botmaster is
reputation hijack, an entirely different kettle of fish and not
germane here.


My point was more basic than whether the signer can be subverted.

My point is that DKIM semantics do not include a statement about the 
truthfulness of *any* message data, except the d= and probably the i= tags in 
the DKIM-Signature: field.

It provides data integrity, for the portions covered by the hash, and it 
authenticates the asserted "signing identity".  It does *not* assert 
authorization of the From: field.

Given the community tendency to make assumptions about DKIM that aren't in the 
specification, this really is worth being extremely careful about.

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
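As an added illustration of the point above (not code from the thread or from any DKIM implementation), the following Python reads the tag list of a DKIM-Signature: field and reports only what a verified signature asserts: the d= and i= identities and which header fields are integrity-covered. The sample headers and the function names are constructed; the cryptographic verification step itself is left out.

```python
"""What a DKIM-Signature claims: d=/i= identity plus integrity of the h= fields."""
import re
from email.utils import parseaddr

# Constructed sample: a signature whose d= is not the From: domain.
SAMPLE_HEADERS = {
    "From": "Grandma <grandma@example.org>",
    "DKIM-Signature": (
        "v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailer.example.net; "
        "s=sel1; i=@bulk.mailer.example.net; "
        "h=from:to:subject:date; bh=BODYHASH_PLACEHOLDER; b=SIGNATURE_PLACEHOLDER"
    ),
}

def parse_tags(value):
    """Split the tag=value list of a DKIM-Signature into a dict (RFC 4871 tag-list)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def signer_claims(headers):
    """Return what a valid signature asserts: signing domain d=, agent i=, and the
    header fields covered by the hash. 'Covered' means integrity-protected only;
    nothing here asserts that the From: address is authorized."""
    tags = parse_tags(headers["DKIM-Signature"])
    d = tags["d"].lower()
    i = tags.get("i", "@" + d).lower()
    i_domain = i.rsplit("@", 1)[1]
    # RFC 4871 requires the i= domain to be d= or a subdomain of it.
    if not (i_domain == d or i_domain.endswith("." + d)):
        raise ValueError("i= domain is not d= or a subdomain of it")
    covered = [h.lower() for h in tags["h"].split(":")]
    return {"d": d, "i": i, "covered_headers": covered}

def from_domain_matches_signer(headers):
    """Separate policy check, NOT part of DKIM semantics: does the From: domain
    equal d=? A signature can verify perfectly while this returns False."""
    from_domain = parseaddr(headers["From"])[1].rsplit("@", 1)[1].lower()
    return from_domain == signer_claims(headers)["d"]

if __name__ == "__main__":
    print(signer_claims(SAMPLE_HEADERS))
    print("From: domain equals d=:", from_domain_matches_signer(SAMPLE_HEADERS))
```

Here From: is inside h=, so a verifier knows it was not altered in transit, but the signature still says nothing about whether mailer.example.net was entitled to send as example.org; that is a policy question outside DKIM.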
