
Re: [ietf-dkim] detecting header mutations after signing

2010-10-08 13:00:14
On Friday, October 08, 2010 01:41:15 pm Murray S. Kucherawy wrote:
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Scott Kitterman
Sent: Friday, October 08, 2010 10:01 AM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] detecting header mutations after signing

We want to re-submit DKIM Signing to Proposed Standard, in order to fix
an edge condition that is only a theoretical issue and only fixes a
problem that is actually outside of the scope of what DKIM is trying
to achieve?

Detecting modification in transit is outside the scope of what DKIM is
trying to achieve?

Doesn't DKIM try to detect modification of the portion covered by the
hashes, which is unchanged in this scenario?

For what I view as a very abstract definition of unchanged, sure.  I think 
adding additional From or Subject does change the content of the message From 
or Subject.  If one takes the view that we've defined things such that this is 
OK from a protocol definition perspective, so it's not an issue, I think we've 
lost sight of the original goal of this requirement in the protocol.

I think that this can be dealt with through an additional security 
consideration and doesn't have to disrupt the rush to get this advanced 
through the standards process.

Scott K
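
The scenario debated in this message, as an added example that is not part of the original post: a From field added after signing leaves the signed header selection unchanged, because fields named in the signature's `h=` tag are selected from the bottom of the header block upward (RFC 6376, section 5.4.2). The hash is a simplified stand-in for the real DKIM header hash, the addresses are constructed, and all function names are hypothetical.

```python
import hashlib

def select_headers(headers, h_tags):
    """Pick one header instance per name in h=, searching bottom-up.

    headers: list of (name, value) in message order, top first.
    A name listed more often than it occurs selects nothing for the extras.
    """
    remaining = list(headers)
    picked = []
    for tag in h_tags:
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == tag.lower():
                picked.append(remaining.pop(i))
                break
    return picked

def header_hash(headers, h_tags):
    """Simplified stand-in for the DKIM header hash (assumption: no
    DKIM-Signature field, no body hash, minimal canonicalization)."""
    selected = select_headers(headers, h_tags)
    data = "".join(f"{n.lower()}:{v.strip()}\r\n" for n, v in selected)
    return hashlib.sha256(data.encode()).hexdigest()

def duplicated_singletons(headers, singletons=("from", "subject")):
    """Receiver-side check: fields expected once that occur more often."""
    names = [n.lower() for n, _ in headers]
    return sorted(s for s in singletons if names.count(s) > 1)

# Constructed sample message, top header first.
SIGNED = [("From", "alice@example.org"), ("Subject", "Quarterly report")]
# The same message with an extra From added above the signed one after signing.
MUTATED = [("From", "someone-else@example.net")] + SIGNED

def hashes_match(h_tags):
    """True when the mutation is invisible to a signature with this h= list."""
    return header_hash(SIGNED, h_tags) == header_hash(MUTATED, h_tags)

if __name__ == "__main__":
    print("h=from:subject      match:", hashes_match(["from", "subject"]))
    print("h=from:from:subject match:", hashes_match(["from", "from", "subject"]))
    print("duplicates in mutated message:", duplicated_singletons(MUTATED))
```

Listing From twice in `h=` makes the signer hash one real instance plus an empty one, so a field added later changes the verifier's selection; the duplicate check catches the same mutation on the receiving side regardless of how the message was signed.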