
Re: [ietf-dkim] THIS IS A MULTIPLE 5322.FROM MESSAGE

2010-10-05 17:56:50
President Obama wrote:

[...]

Funny, but this shows nothing because mipassoc.org resigns messages 
(d=mipassoc.org).  (Oh, and it even included *two* "From"s in h= on your 
message.)

I propose adding the following text to 4871bis to address
this serious issue:

   Special Consideration for Verifying and Signing From: Header

   As an exception, header hash verification MUST be done for all
   5322.From fields and not just the last one.  Signing MUST be done
   for all 5322.From fields found, even though RFC 5322 recommends
   that only one 5322.From be used.  This will mitigate any replay
   that prepends a new 5322.From header to a message carrying a valid
   DKIM signature.  Some MUAs have been shown to display only the
   first 5322.From header found.

-1.  Why do you insist on changing the hashing semantics to special-case
"From"?  Recommending that one more "From" be added to h= (and hashed) 
than From headers are initially placed in the message should be enough.  
There is no need to change the semantics of the spec.

-Julian

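The over-signing approach Julian recommends, worked through as an added example (not code from the thread or from any DKIM implementation): the DKIM h= selection rule takes, for each listed name, the bottom-most not-yet-used occurrence of that header, and a listed name with no remaining occurrence hashes as absent. Listing "from" once more than the message contains means a From: prepended by a relay lands in the hash input at verification time and breaks the signature, with no change to the spec's hashing semantics. The header values, the simplified "simple"-style hash and the function names are constructed for this illustration.

```python
import hashlib
from typing import List, Optional, Tuple

Header = Tuple[str, str]  # (field name, field value), top-of-message first


def select_signed_headers(headers: List[Header], h_tags: List[str]) -> List[Optional[Header]]:
    """RFC 6376 5.4.2 selection: each h= entry consumes the bottom-most
    occurrence of that field not already consumed; an entry with no
    occurrence left contributes None (treated as an absent field)."""
    used = set()
    selected: List[Optional[Header]] = []
    for name in h_tags:
        pick = None
        for idx in range(len(headers) - 1, -1, -1):  # scan from the bottom
            if idx not in used and headers[idx][0].lower() == name.lower():
                pick = idx
                break
        if pick is None:
            selected.append(None)
        else:
            used.add(pick)
            selected.append(headers[pick])
    return selected


def header_hash(headers: List[Header], h_tags: List[str]) -> str:
    """Simplified stand-in for the signed header hash (constructed): hash the
    selected fields in h= order, skipping absent entries. A real signature
    would also cover the DKIM-Signature field itself and the body hash."""
    digest = hashlib.sha256()
    for field in select_signed_headers(headers, h_tags):
        if field is not None:
            digest.update(f"{field[0]}:{field[1]}\r\n".encode())
    return digest.hexdigest()


def prepend_goes_unnoticed(original: List[Header], h_tags: List[str], injected: Header) -> bool:
    """True when prepending `injected` leaves the hash input unchanged, i.e.
    a verifier would still accept the signature."""
    return header_hash(original, h_tags) == header_hash([injected] + original, h_tags)


# Constructed sample message and a constructed prepended From: field.
ORIGINAL: List[Header] = [("From", " alice@example.org"),
                          ("To", " list@example.net"),
                          ("Subject", " hello")]
INJECTED: Header = ("From", " president@example.gov")
PLAIN_H = ["from", "to", "subject"]            # signs the one From: present
OVERSIGNED_H = ["from", "from", "to", "subject"]  # one extra "from" entry
```

With PLAIN_H the verifier still selects the original (bottom-most) From: after the injection, so the signature verifies; with OVERSIGNED_H the second "from" entry now selects the prepended field and the hash input changes.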

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html