Steve Atkins wrote:
> On Oct 26, 2010, at 1:49 AM, Hector Santos wrote:
>> Murray S. Kucherawy wrote:
>>> 8.14 Malformed Inputs
>>> DKIM allows additional header fields to be added to a
>>> signed message without breaking the signature.
>>> This tolerance can be abused......
>> DKIM does not "allow" additional header fields.
> Yes, it does. Section 5.4 of 4871 goes into quite a lot of detail about that,
> and explains explicitly that you should list a header n+1 times if there are
> n copies of it already if you don't want to allow more headers to be added,
> or not if you do.
I see the intent but it can be reworded. I think my nit, which I did not
express, was how the immediate "tolerance" sentence that followed the
opening text negatively alters its implied meaning.
There is no tolerance. It's a DKIM feature and also a natural act of
email operations for additional unsigned fields to exist, i.e.
transport trace fields added to the already signed message.
Maybe a better text might be:
Per section 5.4, a DKIM signed message allows the existence of
unsigned header fields or additional unsigned headers added
to the message during the transport process without breaking the
original signature. This natural email functionality can be abused with
the introduction of non-compliant RFC 5322 messages with two or
more headers that can only exist once per RFC 5322.
--
HLS
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
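
The n+1 listing rule and the duplicate-header case discussed in this thread can be checked on a received message. The following is an added example, not part of the original posts: the function names, status strings and sample message are constructed for illustration, and it audits only the h= tag of the first DKIM-Signature without verifying the signature itself.

```python
import re
from collections import Counter
from email.parser import HeaderParser

# Subset of the RFC 5322 header fields that may appear at most once.
SINGLETONS = {"from", "sender", "reply-to", "to", "cc", "subject", "date", "message-id"}

def signed_header_names(dkim_value):
    """Lower-cased names from the h= tag of one DKIM-Signature value."""
    m = re.search(r"(?:^|;)\s*h\s*=([^;]*)", dkim_value)
    return [n.strip().lower() for n in m.group(1).split(":") if n.strip()] if m else []

def audit(raw_message):
    """Map each singleton header to how the first DKIM-Signature's h= covers it."""
    msg = HeaderParser().parsestr(raw_message)
    present = Counter(k.lower() for k in msg.keys())
    signed = Counter(signed_header_names(msg.get("DKIM-Signature", "")))
    report = {}
    for name in SINGLETONS:
        p, s = present[name], signed[name]
        if p > 1:
            # Malformed per RFC 5322; only the bottom-most s copies are covered.
            report[name] = f"duplicate, {max(p - s, 0)} unsigned"
        elif s > p:
            # Listed n+1 times: adding another copy breaks the signature.
            report[name] = "oversigned"
        elif p == 1 and s == 1:
            # Listed n times: a copy added above this one is not covered.
            report[name] = "signed once"
        elif p == 1:
            report[name] = "unsigned"
    return report

# Constructed sample: From is listed twice in h= (n+1), Subject only once,
# and a second Subject field has been placed above the original.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;
 h=from:from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@example.com>
To: bob@example.org
Subject: added later
Subject: original
Date: Tue, 26 Oct 2010 01:49:00 -0700

body
"""

if __name__ == "__main__":
    for header, status in sorted(audit(SAMPLE).items()):
        print(f"{header}: {status}")
```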