ietf-dkim

Re: [ietf-dkim] detecting header mutations after signing

2010-10-21 05:06:41


--On 20 October 2010 15:42:32 -0700 Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:

>> But, hey, I'm on your side here. I think we should put a warning in
>> the RFC so that vendors are informed that they need to be sure
>> they're highlighting the correct header.
>
> Why?  There would not be a problem when DKIM verification results return
> PERMFAIL when there is any doubt which From header field might be
> selected when more than one exists.

Well, that would be even better. But that's a change to the spec. If the 
spec were changed, I'd be happy about that. In the mean time, we need to 
warn implementers about the security risks that we've identified.

> -Doug
>
> _______________________________________________
> NOTE WELL: This list operates according to
> http://mipassoc.org/dkim/ietf-list-rules.html



-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
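
The stricter behaviour proposed in the thread above (PERMFAIL whenever more than one From header field is present) can be sketched as a pre-check that runs before the signature itself is verified. This is an added example, not code from the posts or from any DKIM implementation; the function names, result strings and sample messages are constructed, and the cryptographic verification is out of scope.

```python
import email
import re

def signed_header_counts(dkim_value):
    """Count how often each header field name appears in the h= tag."""
    tags = {}
    for part in dkim_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    counts = {}
    for name in filter(None, tags.get("h", "").split(":")):
        counts[name.lower()] = counts.get(name.lower(), 0) + 1
    return counts

def from_precheck(raw_message):
    """Hypothetical pre-check (assumed policy, not current spec behaviour).

    Returns "none" when there is no DKIM-Signature, "permfail" when it is
    ambiguous which From field a reader would be shown or From is unsigned,
    and "continue" when exactly one From field exists and h= lists it.
    """
    msg = email.message_from_string(raw_message)
    from_fields = msg.get_all("From", [])
    signature = msg.get("DKIM-Signature")
    if signature is None:
        return "none"
    signed = signed_header_counts(signature).get("from", 0)
    if len(from_fields) != 1 or signed < 1:
        return "permfail"
    return "continue"

# Constructed sample messages; the bh=/b= values are placeholders, not real signatures.
SIGNATURE = ("DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\r\n"
             "\th=from:to:subject;\r\n\tbh=PLACEHOLDER=; b=PLACEHOLDER=\r\n")
BODY = "To: user@example.net\r\nSubject: hello\r\n\r\ntext\r\n"
SINGLE_FROM = SIGNATURE + "From: alice@example.com\r\n" + BODY
DOUBLE_FROM = (SIGNATURE + "From: other@example.org\r\n"
               + "From: alice@example.com\r\n" + BODY)

if __name__ == "__main__":
    for label, raw in (("single From", SINGLE_FROM), ("two From fields", DOUBLE_FROM)):
        print(label, "->", from_precheck(raw))
```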


