On 10/19/10 1:45 PM, Dave CROCKER wrote:
On 10/19/2010 1:33 PM, John R. Levine wrote:
Re Security Considerations, it's better than nothing,
Not necessarily.
The current issue is part of a much larger one. We will not be
dealing with that larger set of security details because it is out
of scope. Dealing with a narrow piece of it, in a very narrow
specification, gives the patina of dealing with something, without
the substance.
So it establishes a false sense of resolving a security issue.
Ignoring pre-pended From headers in DKIM's verification process has
demonstrated trust established by a DKIM signature can then be
exploited. This ONLY affects the DKIM trust being established. While
this issue should not be resolved with /just/ changes to Security
Considerations, any update to DKIM must correct this serious deficiency.
DKIM does not permit assignment of negative reputations for undesired
messages when RCPT TO parameters are not apparent within the message.
This leaves the narrow use of DKIM being for establishing trust from
known good sources. This trust MUST NOT be extended to messages having
pre-pended From header fields, where the wrong field might be selected
for filtering or display. After all, ONLY the From header field is
assured by DKIM as being bound to the message. Consumers of DKIM
results should not need to understand the intricacies of the DKIM
process with respect to the From header field.
In addition, the Subject of this thread is not correct. The issue is
not related to either header or body mutations. The issue is related to
a From header fields being pre-pended to a signed message, where
evaluations of such a message can ONLY safely return PERMFAIL.
Returning anything else is likely to provide recipients a false sense of
security.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html