ietf-dkim

Re: [ietf-dkim] THIS IS A MULTIPLE 5322.FROM MESSAGE

2010-10-06 08:23:21
Either the message has a valid DKIM signature, or it does not.
If the signature is valid, then the signing domain takes responsibility
for the message, subtly malformed or not. Just because the message
lacks a Date: header or has bare linefeeds doesn't mean that the
signing domain isn't responsible for it.

Recall that the original question was about a valid message with a valid signature, which the attacker mutated by adding an extra header that makes it an invalid message with a signature that still mechanically verifies. Who's responsible for it now?

Is it DKIM's job to make the verification fail, or is it an MUA's job to do something reasonable with malformed messages?

R's,
John

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
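
As an added illustration (not part of the original message or of any DKIM implementation), this Python sketch applies the header-selection rule of RFC 6376 section 5.4.2 to show why the extra header described above leaves the signed header input unchanged, and how listing From twice in h= changes that. The function names and the sample addresses are assumptions constructed for this example; body hashing and the signature computation itself are omitted.

```python
# Added illustration: RFC 6376 header selection and a duplicate-From check.
SINGLETON = {"from"}  # RFC 5322 allows at most one From: field


def select_signed(headers, h_tag):
    """Return the indices of the header fields a verifier hashes.

    headers: list of (name, value) in message order, top to bottom.
    h_tag:   the signature's h= value, e.g. "from:to:subject".
    Per RFC 6376 section 5.4.2, each h= name consumes the lowest-positioned
    instance not yet consumed; a name with no instance left yields None.
    """
    remaining = {}
    for idx, (name, _) in enumerate(headers):
        remaining.setdefault(name.lower(), []).append(idx)
    selected = []
    for name in h_tag.split(":"):
        stack = remaining.get(name.strip().lower(), [])
        selected.append(stack.pop() if stack else None)
    return selected


def hash_input(headers, h_tag):
    """The header fields fed to the signature hash, in h= order."""
    return [headers[i] if i is not None else None
            for i in select_signed(headers, h_tag)]


def unsigned_singletons(headers, h_tag):
    """Instances of must-be-unique fields that the signature does not cover."""
    covered = {i for i in select_signed(headers, h_tag) if i is not None}
    return [(i, n, v) for i, (n, v) in enumerate(headers)
            if n.lower() in SINGLETON and i not in covered]


# Constructed sample messages (headers only, addresses are placeholders).
ORIGINAL = [("From", "alice@example.org"), ("To", "bob@example.net"),
            ("Subject", "hello")]
MUTATED = [("From", "someone-else@example.com")] + ORIGINAL
```

With `h=from:to:subject` both messages produce the same header hash input, and `unsigned_singletons` is what flags the uncovered From field; with `h=from:from:to:subject` the second From slot was empty at signing time, so the mutated message no longer matches.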