ietf-dkim

Re: [ietf-dkim] THIS IS A MULTIPLE 5322.FROM MESSAGE

2010-10-06 02:21:22
I've cogitated on this a bit and spoken with a few knowledgeable people.
I'm an operations guy and only marginally a standards wonk.

So, my belief is that this is really more of a 5322 issue than a 4871
issue. Having said that, I'm not comfortable kicking the can down the
road given that, from what we know, this potentially leads to abuse.

If the message is malformed and nonconforming then would it be
appropriate to treat the malformed message as no signature? This would
be one approach that appears consistent with 4871 yet this grinds on me
because it means we are saying that a malformed message with a signature
is the same as a conforming signature with no signature.

We also have to consider that the verifier may be an MTA or an MUA. The
implications (operationally) are different for each case. It has also
been pointed out to me that a mail implementation may try to fix a
malformed message.

Regardless of my belief that this is a 5322 issue, my personal
preference would be for DKIM verifiers to not validate malformed
messages with an outcome of something along the lines of "unable to
validate due to malformed message". I view this as different than DKIM
none. This is perhaps more of an operations perspective.

Just a few poorly expressed thoughts and lacking a concrete
recommendation that is actionable.

Mike


-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Murray S. Kucherawy
Sent: Wednesday, October 06, 2010 1:22 AM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] THIS IS A MULTIPLE 5322.FROM MESSAGE

-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Mark Delany
Sent: Tuesday, October 05, 2010 8:06 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] THIS IS A MULTIPLE 5322.FROM MESSAGE

There was an assertion in RFC4780 about "conforming emails" that must
only have a single 2822.From header. That got lost in the translation
to 4781 I guess. Unfortunately, 4780 failed to specify what
"conforming" means explicitly.

I also know that this WG has repeatedly stated that messages that are
not within standard MUST fail verification.

That this is not in 4871 seems to be mostly a WG assumption that
should be made explicit.

I think several of us thought it was in there, but on review it
apparently was indeed lost somewhere along the way. We've certainly, as
I understand it, been proceeding from that assumption for a very long
time.

I like the idea of saying so explicitly in 4871bis, and applying it
both to signers and to verifiers.

I don't like the idea of being any more specific than that. That is, I
don't want to create specific text for specific cases we know about
because that means anything we don't list could be perceived as less
critical. A blanket admonishment to implementers is sufficient and
appropriate.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
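
The verifier-side behaviour discussed in this thread, as an added example that is not part of any poster's message or of any DKIM implementation: a pre-check that applies the RFC 5322 section 3.6 header occurrence limits before signature verification and reports a signed but nonconforming message separately from an unsigned one. The result labels ("none", "malformed", "verify"), the function names and the sample messages are assumptions made for illustration.

```python
from email import message_from_bytes

# RFC 5322 section 3.6 occurrence limits: (minimum, maximum) per header field.
LIMITS = {
    "date": (1, 1), "from": (1, 1),
    "sender": (0, 1), "reply-to": (0, 1), "to": (0, 1), "cc": (0, 1),
    "bcc": (0, 1), "message-id": (0, 1), "in-reply-to": (0, 1),
    "references": (0, 1), "subject": (0, 1),
}

def header_violations(raw):
    """Return a list describing each field that breaks the occurrence limits."""
    msg = message_from_bytes(raw)
    problems = []
    for name, (lo, hi) in LIMITS.items():
        count = len(msg.get_all(name, []))  # header lookup is case-insensitive
        if count < lo:
            problems.append("missing %s field" % name)
        elif count > hi:
            problems.append("%d %s fields" % (count, name))
    return problems

def precheck(raw):
    """Decide what to do before any cryptographic work (hypothetical labels).

    "none"      -> no DKIM-Signature field present
    "malformed" -> signed, but the message is nonconforming: do not validate
    "verify"    -> signed and conforming: continue with normal verification
    """
    msg = message_from_bytes(raw)
    if not msg.get_all("DKIM-Signature"):
        return "none"
    if header_violations(raw):
        return "malformed"
    return "verify"

# Constructed sample input; the signature values are placeholders, not real data.
SIG = (b"DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;"
       b" h=from:date; bh=placeholder; b=placeholder\r\n")
ONE_FROM = b"From: a@example.com\r\n"
TWO_FROM = ONE_FROM + b"From: b@example.net\r\n"
REST = b"Date: Wed, 06 Oct 2010 02:21:22 +0000\r\nSubject: test\r\n\r\nbody\r\n"

if __name__ == "__main__":
    for label, raw in (("signed, one From", SIG + ONE_FROM + REST),
                       ("signed, two From", SIG + TWO_FROM + REST),
                       ("unsigned, one From", ONE_FROM + REST)):
        print(label, "->", precheck(raw), header_violations(raw))
```
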
