On 10/14/2010 10:17 AM, John R. Levine wrote:
I don't see anyone proposing a deep dive into 5322 validation. But 4871
already says you MUST sign the From: header. Why is that OK, but saying
you MUST NOT sign or validate something with two From: headers is not?
We're not suggesting anything that would invalidate existing bits on the
wire, after all.
DKIM is full of layer violations where it tells people how to sign and
verify robustly.
Protocol specifications should require all of that actions that are essential
to
correct operation and none of the actions that are not.
A DKIM signature verifies or it doesn't. It delivers a signing domain or it
doesn't.
What is essential is that it perform the task of validating and delivering a
signing domain that is associated with a collection of bits. Anything that
defines how to do this is essential. Anything that can make this break needs
to
be covered, especially if there are ways to protect against the breakage.
Perhaps surprisingly, having redundant header fields does not make DKIM break.
And it is an issue outside of DKIM and, therefore, need not be "protected
against" by DKIM.
Also surprisingly, the same holds for more general message conformance
checking.
The checking does not make DKIM work, and it does not make it work better or
worse.
So it isn't needed.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html