ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] detecting header mutations after signing

2010-10-13 14:19:46
If we can extract DKIM from the equation entirely and the problem 
remains, how is it a DKIM problem?

But it doesn't.  Absent a DKIM signature, nobody's making any assertions 
about incoming messages, and there's no reason to treat duplicate headers 
as anything beyond a software bug.

With a valid DKIM signature from a credible signer, I would really like to 
be able to drop a message into the recipient's inbox without further 
processing.  If I have to run it through spamassassin anyway to detect 
message mutations that DKIM doesn't, its utility is vastly less.

We put a bunch of stuff in DKIM to allow benign modifications of messages, 
notably relaxed canoncalization.  (We can argue about whether l= is 
useful, but it's easy enough to ignore if one thinks it isn't.)  I think 
it's also reasonable to put stuff in to disallow malevolent modifications.

I'm certainly not suggesting a full 5322 body cavity search, but I think 
reasonable checks would include checking for duplicates of headers that 
MUAs are likely to show, such as Subject, To, From, Sender, and Cc.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet 
for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>