"Murray S. Kucherawy" <msk(_at_)cloudmark(_dot_)com> wrote:
> -----Original Message-----
> From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
> [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Scott Kitterman
> Sent: Tuesday, October 05, 2010 12:24 PM
> To: ietf-dkim(_at_)mipassoc(_dot_)org
> Subject: Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From
>
> Nack. DKIM also purports to provide assurance that the signed content
> of the message is unmodified. I think mentioning that all instances of
> a header that is signed should be used for signing and verification is
> a useful data point for implementors.
>
> I'm having trouble parsing that. Aren't all instances of a signed field used
> for verifying already? Or are you proposing an "If you sign one, you have to
> sign them all" sort of approach?
>
> That will wreak havoc with Received:, if so.
I'm suggesting making it clear that if one signs a type of field they should
sign all of them. I'm not suggesting adding any requirements that additional
types of fields be signed.
Scott K
P.S. I'm not sure I parsed your question correctly.
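The point under discussion, shown as an added example rather than code from the thread: RFC 4871 has a verifier consume header instances from the bottom of the header block for each name listed in h=, so a signature with h=from covers only the bottom-most From and an extra From prepended afterwards still verifies. Listing the name once per existing instance (Scott's suggestion) or once more than that (oversigning, which 4871 also permits) closes the gap. The header values, the relaxed canonicalization shortcut and the SHA-256-over-headers stand-in for the real b= computation are constructed for this illustration.

```python
import hashlib
import re

# Constructed sample header block as the signer saw it. The real algorithm also
# hashes the DKIM-Signature field itself (with b= emptied); this example skips that.
ORIGINAL_HEADERS = [
    ("From", "alice@example.com"),
    ("To", "bob@example.net"),
    ("Subject", "Quarterly numbers"),
]

def relaxed(name, value):
    """RFC 4871 relaxed header canonicalization: lowercase the field name,
    unfold and compress whitespace, drop trailing whitespace."""
    value = re.sub(r"\s+", " ", value).strip()
    return f"{name.lower()}:{value}\r\n"

def select_signed(headers, h_tag):
    """Pick the instances covered by an h= tag the way a verifier does: each
    listed name consumes the bottom-most not-yet-used instance of that field.
    A name listed more times than it occurs yields an empty (oversigned) slot."""
    remaining = list(headers)
    picked = []
    for wanted in h_tag.split(":"):
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted.lower():
                picked.append(remaining.pop(i))
                break
        else:
            picked.append(None)  # oversigned slot: nothing to hash
    return picked

def header_hash(headers, h_tag):
    """Hex digest over the canonicalized covered headers: a stand-in for the
    data the signature's b= value is computed over."""
    covered = [hv for hv in select_signed(headers, h_tag) if hv is not None]
    data = "".join(relaxed(n, v) for n, v in covered)
    return hashlib.sha256(data.encode()).hexdigest()

def survives_added_from(h_tag):
    """True if prepending a second From header leaves the signed hash unchanged,
    i.e. a verifier would still report the signature as valid."""
    tampered = [("From", "ceo@example.com")] + ORIGINAL_HEADERS  # constructed tampering
    return header_hash(ORIGINAL_HEADERS, h_tag) == header_hash(tampered, h_tag)
```

With `h=from` the added From is invisible to the verifier; with `h=from:from` the second slot, empty at signing time, now hashes the injected instance and the signature fails.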
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html