ietf-dkim

Re: [ietf-dkim] detecting header mutations after signing

2010-10-13 14:50:18
-----Original Message-----
From: John R. Levine [mailto:johnl(_at_)iecc(_dot_)com]
Sent: Wednesday, October 13, 2010 12:17 PM
To: Murray S. Kucherawy
Cc: DKIM
Subject: Re: [ietf-dkim] detecting header mutations after signing

I'm certainly not suggesting a full 5322 body cavity search, but I think
reasonable checks would include checking for duplicates of headers that
MUAs are likely to show, such as Subject, To, From, Sender, and Cc.

I'm concerned that if we name that specific check, that's all people will do 
and then think they're safe.  And later some other "attack" will come to light, 
and because we didn't just say the message has to be compliant overall, we've 
now left a hole behind.  We'll never be finished.

And as a developer I have a problem with something up in the higher layers 
trying to compensate for bugs, complacency or misguided attempts at being 
"nice" in the lower layers or adjacent higher layers.

DKIM simply highlights an issue that's been there for a very long time now.  
The right way to fix a problem is to deal with it where the problem exists, not 
to scatter bandages all over the place.


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
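
Added example, not part of the original message or of any DKIM implementation: the duplicate check on the displayed headers named above, next to the RFC 5322 section 3.6 occurrence limits as one slice of the overall-compliance check the reply argues for. Function names and the sample message are constructed for illustration.

```python
import email
from collections import Counter

# Headers the message above names as likely to be shown by MUAs.
DISPLAYED = ("subject", "to", "from", "sender", "cc")

# RFC 5322 section 3.6 occurrence limits per header block: (min, max).
RFC5322_LIMITS = {
    "date": (1, 1), "from": (1, 1), "sender": (0, 1), "reply-to": (0, 1),
    "to": (0, 1), "cc": (0, 1), "bcc": (0, 1), "message-id": (0, 1),
    "in-reply-to": (0, 1), "references": (0, 1), "subject": (0, 1),
}

def header_counts(raw: bytes) -> Counter:
    """Count header field names case-insensitively, keeping duplicates."""
    msg = email.message_from_bytes(raw)
    return Counter(name.lower() for name in msg.keys())

def duplicated_displayed(raw: bytes) -> list:
    """The narrow check: duplicates among the displayed headers only."""
    counts = header_counts(raw)
    return sorted(h for h in DISPLAYED if counts[h] > 1)

def occurrence_violations(raw: bytes) -> list:
    """The broader check: every RFC 5322 occurrence limit, missing or repeated."""
    counts = header_counts(raw)
    problems = []
    for name, (lo, hi) in sorted(RFC5322_LIMITS.items()):
        n = counts[name]
        if n < lo:
            problems.append(f"{name}: missing")
        elif n > hi:
            problems.append(f"{name}: {n} occurrences")
    return problems

# Constructed sample: a second Subject and a second Reply-To in one header block.
SAMPLE = (
    b"Subject: Second subject\r\n"
    b"Reply-To: other@example.net\r\n"
    b"From: sender@example.com\r\n"
    b"To: rcpt@example.org\r\n"
    b"Subject: Original subject\r\n"
    b"Reply-To: sender@example.com\r\n"
    b"Date: Wed, 13 Oct 2010 12:17:00 -0400\r\n"
    b"\r\n"
    b"body\r\n"
)

if __name__ == "__main__":
    print(duplicated_displayed(SAMPLE))
    print(occurrence_violations(SAMPLE))
```

On the sample, the narrow check reports only the duplicated Subject, while the occurrence-limit check also reports the duplicated Reply-To that the narrow list does not cover.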
