Re: [ietf-dkim] detecting header mutations after signing

ietf-dkim

Re: [ietf-dkim] detecting header mutations after signing

2010-10-08 15:19:12

If I understand things correctly, the solution is already available
in DKIM today.  It involves signer configuration (sign for N+1
instances of each header that is covered by the signature) and
requires no change in protocol or semantics. It merely hardens the
DKIM signature and I see nothing wrong with doing so.

If I am mistaken then please correct me.


It depends on the Application implementation of DKIM.


What I describe would be a best practice application of DKIM
mechanisms that already exist.

Mail is signed as if there are N+1 instances of each header that
is covered by the DKIM signature.  The verifier will then fail if
any such header is added after-the-fact.

With this, there is no need to rely on enforcement mechanisms
outside DKIM, such as the correct implementation of RFC 5322.

        Wietse
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] detecting header mutations after signing, (continued) Re: [ietf-dkim] detecting header mutations after signing, John R. Levine Re: [ietf-dkim] detecting header mutations after signing, Michael Thomas Re: [ietf-dkim] detecting header mutations after signing, John R. Levine Re: [ietf-dkim] detecting header mutations after signing, Wietse Venema Re: [ietf-dkim] detecting header mutations after signing, Hector Santos Re: [ietf-dkim] detecting header mutations after signing, Alessandro Vesely Re: [ietf-dkim] detecting header mutations after signing, Murray S. Kucherawy Re: [ietf-dkim] detecting header mutations after signing, Dave CROCKER Re: [ietf-dkim] detecting header mutations after signing, Wietse Venema Re: [ietf-dkim] detecting header mutations after signing, Hector Santos Re: [ietf-dkim] detecting header mutations after signing, Wietse Venema <= Re: [ietf-dkim] detecting header mutations after signing, Murray S. Kucherawy Re: [ietf-dkim] detecting header mutations after signing, Wietse Venema Re: [ietf-dkim] detecting header mutations after signing, Jeff Macdonald [ietf-dkim] Inadvertent Spoof, Hector Santos Re: [ietf-dkim] Inadvertent Spoof, Jeff Macdonald Re: [ietf-dkim] Inadvertent Spoof, Hector Santos Re: [ietf-dkim] detecting header mutations after signing, John R. Levine Re: [ietf-dkim] detecting header mutations after signing, Hector Santos Re: [ietf-dkim] detecting header mutations after signing, John R. Levine Re: [ietf-dkim] detecting header mutations after signing, Hector Santos

Previous by Date:	Re: [ietf-dkim] detecting header mutations after signing, Hector Santos
Next by Date:	Re: [ietf-dkim] detecting header mutations after signing, Murray S. Kucherawy
Previous by Thread:	Re: [ietf-dkim] detecting header mutations after signing, Hector Santos
Next by Thread:	Re: [ietf-dkim] detecting header mutations after signing, Murray S. Kucherawy
Indexes:	[Date] [Thread] [Top] [All Lists]