ietf-dkim

Re: [ietf-dkim] detecting header mutations after signing

2010-10-13 17:39:18
Murray S. Kucherawy wrote:
> I don't understand how that follows.  I'm talking about a dual-From: message
> that wasn't signed at all.  An MUA will still show the "wrong" one.  So I
> fail to see why a DKIM specification needs to make a normative requirement
> about a problem that's been around since years before the acronym "DKIM" ever
> appeared anywhere.


No one is saying that DKIM is at fault for the old problem.  But it is 
at fault when it fails to do anything about it when it can and is 
designed to do this.

The issue again is section 5.4 saying only to sign the last one when 
there are duplicates.

Well, it failed to provide the normative information that there could 
only exist one 5322.from and provide an exception rule for this.

It provided a note about the "Comment" header.  It needs to do one for 
5322.From and others.

The problem with the updated text is that it makes it sound like it's 
an optional consideration to check for this because it tries to lay 
the burden on others for the problem.

Sure, the problem existed but only now is there a focus on how this 
can be a real problem because of the "trust" part that DKIM tries to 
add to the picture.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
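
The section 5.4 behaviour discussed in this message (only the last instance of a duplicated header is signed) can be checked mechanically. The following is an added example, not part of the original message or of any DKIM implementation: it maps an h= list onto the header instances it covers, bottom to top, and reports any From field the signature does not cover. The function names and the sample message are assumptions made for illustration.

```python
from email import message_from_string

# Constructed sample (addresses and tag values are made up; bh=/b= are placeholders
# and no cryptographic verification is attempted). The top From was added after signing.
RAW = (
    "From: Someone Else <other@elsewhere.example>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=signer.example; s=sel; "
    "h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Real Author <author@signer.example>\n"
    "To: list@lists.example\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

def signed_header_names(dkim_value):
    """Return the lowercased header names listed in the h= tag, in order."""
    tags = {}
    for part in (dkim_value or "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return [n.strip().lower() for n in tags.get("h", "").split(":") if n.strip()]

def covered_indices(fields, h_names):
    """fields: (name, value) pairs, top to bottom. Each name in h= consumes the
    lowest not-yet-used instance of that header (section 5.4, bottom-up order)."""
    used = set()
    for name in h_names:
        for i in range(len(fields) - 1, -1, -1):
            if i not in used and fields[i][0].lower() == name:
                used.add(i)
                break
        # No instance left: the name is signed as absent, nothing to mark.
    return used

def unsigned_from_fields(raw):
    """Return the values of From fields that the first DKIM-Signature does not cover."""
    msg = message_from_string(raw)
    fields = msg.items()
    covered = covered_indices(fields, signed_header_names(msg["DKIM-Signature"]))
    return [v for i, (n, v) in enumerate(fields)
            if n.lower() == "from" and i not in covered]

if __name__ == "__main__":
    print(unsigned_from_fields(RAW))
```

A non-empty result means the message carries a From field outside the signature, so a valid signature says nothing about it. If the signer had listed `from` twice in h=, both instances would fall inside the hash and the added field would make verification fail instead.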
