Scott Kitterman wrote:
Murray S. Kucherawy wrote:
Doesn't DKIM try to detect modification of the portion covered by the
hashes, which is unchanged in this scenario?
For what I view as a very abstract definition of unchanged, sure. I think
adding additional From or Subject does change the content of the message From
or Subject. If one takes the view that we've defined things such that this is
OK from a protocol definition perspective, so it's not an issue, I think we've
lost sight of the original goal of this requirement in the protocol.
I think that this can be dealt with through an additional security
consideration and doesn't have to disrupt the rush to get this advanced
through the standards process.
+1.
Well, then again, one side of me is trying to be cooperative and
sensitive of those who want to "rush" the document. Minimize text
with not saying too much.
But the other side is saying technically "Fix this ASAP" - get the
proper protocol semantics in the 4871bis specs and use this
incident or at least prepare a response ready against any negative PR
that could emerge as a plus to enhancing the marketability of DKIM as
a tool that helps solve a 25+ year old problem.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html