Re: [ietf-dkim] detecting header mutations after signing

ietf-dkim

Re: [ietf-dkim] detecting header mutations after signing

2010-10-08 22:24:48

With this, there is no need to rely on enforcement mechanisms
outside DKIM, such as the correct implementation of RFC 5322.


I would suggest constraining that to include only those fields that are 
0-or-1 in RFC5322 Section 3.6.  For example, doing this with Received: 
is begging for signature invalidation on otherwise unaltered messages.


Signed Received headers at all is asking for trouble, but I take your 
point.  So here's a 0th cut at a list of headers where we should recommend 
N+1 entries in the h=

rfc 5322

   From
   Sender
   Reply-To  (maybe not, since often smashed by mailing lists)
   To
   Cc        (not Bcc even though it's 0/1)
   Message-ID
   Subject
   Date

rfc 4021

   MIME-Version
   Content-Type


R's,
John
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] detecting header mutations after signing, (continued) Re: [ietf-dkim] detecting header mutations after signing, Dave CROCKER Re: [ietf-dkim] detecting header mutations after signing, Wietse Venema Re: [ietf-dkim] detecting header mutations after signing, Hector Santos Re: [ietf-dkim] detecting header mutations after signing, Wietse Venema Re: [ietf-dkim] detecting header mutations after signing, Murray S. Kucherawy Re: [ietf-dkim] detecting header mutations after signing, Wietse Venema Re: [ietf-dkim] detecting header mutations after signing, Jeff Macdonald [ietf-dkim] Inadvertent Spoof, Hector Santos Re: [ietf-dkim] Inadvertent Spoof, Jeff Macdonald Re: [ietf-dkim] Inadvertent Spoof, Hector Santos Re: [ietf-dkim] detecting header mutations after signing, John R. Levine <= Re: [ietf-dkim] detecting header mutations after signing, Hector Santos Re: [ietf-dkim] detecting header mutations after signing, John R. Levine Re: [ietf-dkim] detecting header mutations after signing, Hector Santos Re: [ietf-dkim] detecting header mutations after signing, MH Michael Hammer (5304) Re: [ietf-dkim] detecting header mutations after signing, Charles Lindsey Re: [ietf-dkim] detecting header mutations after signing, Wietse Venema Message not available Re: [ietf-dkim] detecting header mutations after signing, Charles Lindsey Re: [ietf-dkim] detecting header mutations after signing, Murray S. Kucherawy Re: [ietf-dkim] detecting header mutations after signing, Jeff Macdonald [ietf-dkim] What DKIM provides, again, Murray S. Kucherawy

Previous by Date:	[ietf-dkim] Inadvertent Spoof, Hector Santos
Next by Date:	Re: [ietf-dkim] Inadvertent Spoof, Jeff Macdonald
Previous by Thread:	Re: [ietf-dkim] Inadvertent Spoof, Hector Santos
Next by Thread:	Re: [ietf-dkim] detecting header mutations after signing, Hector Santos
Indexes:	[Date] [Thread] [Top] [All Lists]