ietf-dkim

Re: [ietf-dkim] detecting header mutations after signing

2010-10-13 22:06:16


On 10/13/2010 3:17 PM, John R. Levine wrote:
> We put a bunch of stuff in DKIM to allow benign modifications of messages,
> notably relaxed canonicalization.  (We can argue about whether l= is
> useful, but it's easy enough to ignore if one thinks it isn't.)  I think
> it's also reasonable to put stuff in to disallow malevolent modifications.

Putting things in to be more robust against vagaries of travel is quite 
different from adding things to resist actual attack.

In particular, note that nothing being discussed, here, invalidates the 
signature.  The topics being discussed concern processing that really is 
outside of DKIM.  Therefore its discussion is outside of DKIM.

Most of the confusion is exactly the difference between DKIM as a labeling 
technology versus DKIM as a "message protection" technology.




On 10/13/2010 3:30 PM, Murray S. Kucherawy wrote:
> I'm talking about a dual-From: message that wasn't signed at all.  An MUA
> will still show the "wrong" one.  So I fail to see why a DKIM specification
> needs to make a normative requirement about a problem that's been around
> since years before the acronym "DKIM" ever appeared anywhere.

+1



On 10/13/2010 3:47 PM, Murray S. Kucherawy wrote:
> I'm concerned that if we name that specific check, that's all people will do
> and then think they're safe.

Exactly!  We are not tasked with dealing with the larger security issues and 
this is but a piece of it.  Tackling only this tiny piece constitutes woefully 
incomplete work and it's really out of scope.


> DKIM simply highlights an issue that's been there for a very long time now.

Actually, no.  DKIM does not highlight this.  What is highlighting this is 
security discussions that come from wanting to apply DKIM to more than it is 
designed for.  It is the /discussions/ that highlight this, not DKIM.  (I'm not 
playing semantics here.  I'm playing scope.)

Given that DKIM's core algorithms are the same as those used for "message 
security", it's pretty easy to imagine applying DKIM to these other, larger 
issues, but that's a separate engineering effort.


On 10/13/2010 4:09 PM, MH Michael Hammer (5304) wrote:
> I've said for a long time (from a phishing perspective) that if we let "bad"
> stuff (from a brand perspective) get to the enduser
> ...
> Having said that, if an MUA is going to present an indication of "DKIM PASS"
> to the enduser,
> ...
> I understand the issues raised by Murray about the slippery slope. On the
> other hand, I would rather see an MUA present nothing about DKIM than give a
> false impression to endusers.

Fundamentally, everything in your note suffers from being both valid but 
irrelevant (to the current discussion about DKIM).  It's valid and even 
essential, to a different, larger discussion.


d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
