ietf-dkim

Re: [ietf-dkim] THIS IS A MULTIPLE 5322.FROM MESSAGE

2010-10-05 18:54:43
Hector Santos wrote:

> Right. Does this add "signer" reputation weight for the injected
> 5322.From?

Probably not.  AFAICT mipassoc.org doesn't verify DKIM sigs on list 
messages, and even if it did, a verified DKIM sig (such as one created by 
the original author of the message) doesn't tell anything about the 
legitimacy of the use of the From identity.

> Personally, -1 on suggesting a h=from:from, because you are assuming
> that operators are actually defining a h= tag.  If it's blank, it
> falls back to the semantics written - use the LAST header found.

No.  h= must not be empty.  The spec explicitly forbids this.

Cf. http://tools.ietf.org/html/rfc4871#page-20

h=   [...]
     This list MUST NOT be empty.  [...]

As for a possible change in RFC 4871bis, if you look at page 41 of 
4871bis-01 (page 36 in RFC 4871), it already has this nice little note:

|       INFORMATIVE NOTE: A header field name need only be listed once
|       more than the actual number of that header field in a message at
|       the time of signing in order to prevent any further additions.
|       For example, if there is a single Comments header field at the
|       time of signing, listing Comments twice in the "h=" tag is
|       sufficient to prevent any number of Comments header fields from
|       being appended; it is not necessary (but is legal) to list
|       Comments three or more times in the "h=" tag.

I suggest replacing "Comments" with "From".  That should solve the 
problem.

-Julian


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
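
Added example (not part of the message above, and not code from the DKIM specification): a small Python model of how h= entries are matched to header fields, showing why listing From once more than it occurs makes a later added From change the signed input. It assumes the RFC 4871 selection rule that repeated fields are consumed from the bottom up and that an h= entry with no field left covers the null string; the function names and the sample headers are constructed for illustration.

```python
# Added illustration of RFC 4871 h= header selection; not code from the thread.
from collections import defaultdict

def select_signed(headers, h_tag):
    """Map each h= entry to the header instance it covers.

    headers: list of (name, value) in top-to-bottom message order.
    Instances of a repeated name are consumed from the bottom up; an entry
    with no instance left covers the null string (None here).
    """
    remaining = defaultdict(list)
    for name, value in headers:
        remaining[name.lower()].append(value)
    selected = []
    for entry in h_tag.split(":"):
        name = entry.strip().lower()
        value = remaining[name].pop() if remaining[name] else None
        selected.append((name, value))
    return selected

def addition_detected(headers, h_tag, name, value):
    """True if prepending a new `name` field changes the signed header input."""
    tampered = [(name, value)] + list(headers)
    return select_signed(headers, h_tag) != select_signed(tampered, h_tag)

# Constructed sample message headers (not taken from the thread).
SIGNED = [
    ("From", "author@example.org"),
    ("To", "list@example.net"),
    ("Subject", "hello"),
]
EXTRA = ("From", "someone-else@example.com")

if __name__ == "__main__":
    for h in ("from:to:subject", "from:from:to:subject"):
        print(h, "->", addition_detected(SIGNED, h, *EXTRA))
```

With h=from:to:subject the prepended From leaves the signed input unchanged, so the signature would still verify; with h=from:from:to:subject the second "from" entry no longer covers the null string and verification would fail.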