ietf-dkim

Re: [ietf-dkim] detecting header mutations after signing

2010-10-08 16:04:33
Wietse:
What I describe would be a best practice application of DKIM
mechanisms that already exist.

Mail is signed as if there are N+1 instances of each header that
is covered by the DKIM signature.  The verifier will then fail if
any such header is added after-the-fact.

With this, there is no need to rely on enforcement mechanisms
outside DKIM, such as the correct implementation of RFC 5322.
 
Murray S. Kucherawy:
I would suggest constraining that to include only those fields
that are 0-or-1 in RFC5322 Section 3.6.  For example, doing this
with Received: is begging for signature invalidation on otherwise
unaltered messages.

I see your point, but there are more "sensitive" headers than the
0-or-1 headers in RFC 5322 (IIRC, the N+1 signing method was
introduced to protect MIME headers).

I suppose that the guidelines for best practice application of DKIM
could recommend what headers to sign with the N+1 signing method.
These guidelines can be updated as RFC 5322 evolves, and as standards
that extend RFC 5322 introduce new "sensitive" headers.

        Wietse
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
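
Added example, not part of the original message: a Python sketch of how header instances are chosen for hashing (RFC 6376 section 5.4.2), showing why listing a header N+1 times in h= makes a later addition fail verification, and why doing the same with Received: breaks on an ordinary relay hop. The SHA-256 comparison stands in for the real signature check; the sample headers, the simplified canonicalization and all function names are constructed for illustration.

```python
import hashlib

def select_headers(headers, h_tag):
    """Choose header instances the way RFC 6376 section 5.4.2 describes:
    each name in h= consumes the lowest unused instance of that header;
    a name with no instance left contributes nothing (the null string)."""
    remaining = list(headers)              # (name, value) pairs, top to bottom
    picked = []
    for name in h_tag:
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.lower():
                picked.append(remaining.pop(i))
                break
    return picked

def header_hash(headers, h_tag):
    # Simplified canonicalization (lowercase name, trimmed value); a real
    # verifier also hashes the DKIM-Signature field and checks the signature.
    data = "".join(f"{n.lower()}:{v.strip()}\r\n"
                   for n, v in select_headers(headers, h_tag))
    return hashlib.sha256(data.encode()).hexdigest()

def survives(signed_msg, received_msg, h_tag):
    """True if the received header block still hashes to the signed value."""
    return header_hash(signed_msg, h_tag) == header_hash(received_msg, h_tag)

# Constructed sample messages (header blocks only).
SIGNED = [("Received", "from mx1.example.com"),
          ("From", "alice@example.com"),
          ("Subject", "Invoice"),
          ("To", "bob@example.net")]
EXTRA_FROM = [("From", "someone-else@example.org")] + SIGNED   # added after signing
RELAYED = [("Received", "from mx2.example.net")] + SIGNED      # normal extra hop

PLAIN_H = ["from", "subject", "to"]                       # one entry per header
OVERSIGNED_H = ["from", "from", "subject", "subject", "to"]   # N+1 for From, Subject

if __name__ == "__main__":
    print("plain h=, From added:      ", survives(SIGNED, EXTRA_FROM, PLAIN_H))
    print("N+1 h=, From added:        ", survives(SIGNED, EXTRA_FROM, OVERSIGNED_H))
    print("N+1 Received, extra hop:   ",
          survives(SIGNED, RELAYED, ["received", "received", "from"]))
```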
