ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ietf-dkim] Issue: 4871bis - section 5.4/5.5 clarify 5322.From requirement

2010-10-15 23:16:35
from [Hector Santos] [Permanent Link] 
Steve Atkins wrote:


Hector wrote:
The spec says

5.4.  Determine the Header Fields to Sign

   The From header field MUST be signed (that is, included in the "h="
   tag of the resulting DKIM-Signature header field).

That means to me it MUST exist to be signed.


"h=From" for a message that has no From: header when signed
means that the message must have no From: header when the
signature is validated, I think? And 5.4 just says you must include

From in the h= tag, not that it must exist.


A missing From: field makes the message not a 5322 message,
but I'm not sure what that implies for DKIM.


I see your point.

Since a 5322.From is a required header for a valid RFC5322 message 
(From and Date are the two that required by RFC2822 and RFC5322, for 
RFC822, it requires the To (or BC) as well), I believe the expectation 
that it exist in the message for DKIM to imply it must exist in h=From.

For our MDA/MSA, it will definitely invalidate an incoming message 
header but I don't recall the details.  From old discussions in 
IETF-SMTP, I am pretty sure most MDA/MSA will enforce a 5322.From as 
well.  I think the exception if when the client is local (internal) or 
maybe authenticated.

The Alt-N DKIM API we are using will definitely fail to sign the 
message if a From is missing and it will fail to verify as well 
because there has to be a h=from and matching 5322.From.

This probably means that it should clarified what that 5.4 sentence 
means and also the next section 5.5

5.5.  Recommended Signature Content

    ..

    The following header fields SHOULD be included in the signature, if
    they are present in the message being signed:

    o  From (REQUIRED in all signatures)


It reads to me that From is the SHOULD exception to a MUST.

But I can definitely see what you mean, because if it means that you 
have to add  h=from without a real 5322.From, then a signature might 
be signed and be technical DKIM valid but only against those systems 
that are not enforcing a 5322.from header.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Data integrity claims, Dave CROCKER
Next by Date:  Re: [ietf-dkim] ISSUE: 3.6.2.1 - Working with other TXT records, SM
Previous by Thread:  Re: [ietf-dkim] ISSUE: 3.6.2.1 - Working with other TXT records, Steve Atkins
Next by Thread:  Re: [ietf-dkim] Issue: 4871bis - section 5.4/5.5 clarify 5322.From requirement, Charles Lindsey
Indexes:  [Date] [Thread] [Top] [All Lists]