ietf-dkim

Re: [ietf-dkim] detecting header mutations after signing

2010-10-15 12:28:29
Steve,

I believe it's about protocol consistency.  While the main focus is 
DKIM progress, its issues and resolutions are related to ADSP as well 
as it's a WG product as well.

For example, ADSP implementations now know that they need to make 
sure there is only one 5322.From as well. Like most software, when it has a

      header = GetMailHeader("From:")

it is not expected to return a list of headers, but a single entry and 
that is generally done by finding the first one.

In short, we have "marked this on the WG to-do" list for ADSP 
"updates" if any, and implementations now know what they need to add 
to their ADSP support.

It's all about synergism.  We can't just completely ignore it and then 
miss something that needs to be done later.

-- 
HLS

Steve Atkins wrote:
On Oct 15, 2010, at 9:50 AM, Murray S. Kucherawy wrote:

-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org 
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Charles 
Lindsey
Sent: Friday, October 15, 2010 7:30 AM
To: DKIM
Subject: Re: [ietf-dkim] detecting header mutations after signing

And if we are not going to fix ADSP (yet), then the only way we can stop
that particular exploit is to fix DKIM.

Arguing that "ADSP is a completely separate discussion" will achieve
nothing.

If that's consensus, then we're on the slippery slope of "fixing" DKIM to 
deal with flaws at all layers above it.  And we'll never be done.

+1.

Any bug fixes for ADSP need to be done at the ADSP level.

If there's a bug that needs fixing at the DKIM level then it
should be something that clearly needs fixing based on
DKIM usage. (And I think that the very narrow case of
messages that violate 5322 through multiple headers
*may* be such, but any justification of that relying on ADSP
isn't helpful).

Cheers,
  Steve


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
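
The single-5322.From check discussed in the message above, as an added example (not code from the thread or from any ADSP implementation). It uses Python's standard `email` package; the function name `check_single_from` and the sample messages are constructed for illustration. It also reports the last From instance, because DKIM selects header fields from the bottom of the header block up, so a first-match lookup and a signature listing `from` once can refer to different fields.

```python
from email import message_from_bytes
from email.policy import compat32

# Constructed sample: two From fields, which RFC 5322 does not allow.
SAMPLE_TWO_FROM = (
    b"From: Display Name <first@example.net>\r\n"
    b"To: rcpt@example.org\r\n"
    b"Subject: constructed test message\r\n"
    b"From: Author <second@example.com>\r\n"
    b"\r\n"
    b"body\r\n"
)

# Constructed sample: a well-formed message with exactly one From field.
SAMPLE_ONE_FROM = (
    b"From: Author <second@example.com>\r\n"
    b"To: rcpt@example.org\r\n"
    b"\r\n"
    b"body\r\n"
)


def check_single_from(raw: bytes) -> dict:
    """Count From fields before any policy lookup is keyed on the author domain."""
    msg = message_from_bytes(raw, policy=compat32)
    every = msg.get_all("From", [])      # all instances, top to bottom
    return {
        "count": len(every),
        # What a GetMailHeader("From:")-style first-match lookup returns.
        "first_match": msg.get("From"),
        # The instance a single "from" entry in a DKIM h= tag covers.
        "last_instance": every[-1] if every else None,
        # Proceed only when the message has exactly one From field.
        "accept": len(every) == 1,
    }


if __name__ == "__main__":
    for label, raw in (("two", SAMPLE_TWO_FROM), ("one", SAMPLE_ONE_FROM)):
        print(label, check_single_from(raw))
```
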