On Wed, 13 Oct 2010 18:13:43 +0100, Jim Fenton <fenton(_at_)cisco(_dot_)com>
wrote:
> My inclination is that the spec should say something like:
>
> - The verifier SHOULD consider the signature invalid if a signed header
> field occurs an inappropriate number of times in the message header
> according to section 3.6 of RFC 5322.
> - The verifier MAY consider the signature invalid if it detects other
> message syntax violations of RFC 5322.
> - (??) The verifier SHOULD consider the signature invalid if the List-Id
> header field is signed and occurs more than once in violation of RFC
> 2919.

I think the first SHOULD needs to be a MUST (especially as it is a fairly
simple test to implement).

The MAY is fine.

The second SHOULD is fine, except that it should be a blanket coverage of
all other standards that define header fields limited to one occurrence.
We can't expect implementers to keep up-to-date with EVERY such standard,
but they should try to do as much as they can. If SHOULD is too strong for
that sort of approach, then I would make it a MAY with an "encouragement"
to do as much as they can. Obvious candidates are the List-* headers and
RFC204[56].

> The last provision worries me a bit because it opens the door to other
> specifications that define header fields. On the other hand, I can
> picture an attack involving insertion of a bogus List-Id header field in
> order to influence the handling of the message.

See above.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
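
The occurrence-count test discussed in the message above, as an added example (not part of the original e-mail and not taken from any DKIM implementation): it reports signed header fields that appear more often than RFC 5322 section 3.6 allows, plus List-Id per RFC 2919. The function name, the `extra` parameter and the sample header are assumptions constructed for illustration.

```python
from collections import Counter
from email.parser import HeaderParser

# Fields that RFC 5322 section 3.6 limits to at most one occurrence.
RFC5322_SINGLETONS = frozenset({
    "date", "from", "sender", "reply-to", "to", "cc", "bcc",
    "message-id", "in-reply-to", "references", "subject",
})
# One-occurrence limits from other specifications; the thread names List-Id
# (RFC 2919). Extend this set to cover further standards.
OTHER_SINGLETONS = frozenset({"list-id"})

# Constructed sample header: two From and two List-Id fields, and two
# Received fields (trace fields may legitimately repeat).
SAMPLE_HEADER = """\
Received: from a.example by b.example; Wed, 13 Oct 2010 18:00:00 +0100
Received: from c.example by a.example; Wed, 13 Oct 2010 17:59:00 +0100
From: Added <added@example.net>
From: Original <original@example.com>
Subject: hello
List-Id: <one.example.org>
List-Id: <two.example.org>
Date: Wed, 13 Oct 2010 18:13:43 +0100

"""


def overcounted_signed_fields(raw_header, h_tag, extra=OTHER_SINGLETONS):
    """Return {field: count} for signed one-occurrence fields seen more than once.

    raw_header is the message header block; h_tag is the value of the
    signature's h= tag (colon-separated, case-insensitive field names).
    """
    signed = {n.strip().lower() for n in h_tag.split(":") if n.strip()}
    # HeaderParser unfolds continuation lines and keeps duplicate fields.
    present = HeaderParser().parsestr(raw_header).keys()
    counts = Counter(name.lower() for name in present)
    limited = RFC5322_SINGLETONS | extra
    return {f: counts[f] for f in sorted(signed & limited) if counts[f] > 1}


if __name__ == "__main__":
    bad = overcounted_signed_fields(SAMPLE_HEADER, "from:subject:date:received:list-id")
    print("treat signature as invalid:" if bad else "counts ok:", bad)
```

A non-empty result is the condition under which the proposed text would have the verifier consider the signature invalid; fields not listed in `h=` are ignored because the proposal only covers signed header fields.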