On Fri, 05 Nov 2010 18:46:37 -0000, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:

> Append to Section 6 Verifier Actions:
>
> It is not reasonable to assume a message is in compliance with RFC5322.
> To mitigate trivial exploitation of trust established by DKIM
> signatures, messages having multiple header fields for "orig-date",
> "from", "sender", "reply-to", "to", "cc", "message-id", "in-reply-to",
> "references", or "subject" MUST always return PERMFAIL for any DKIM
> signature associated with the message. When there are multiple
> singleton header fields, a field selected for display or sorting is
> therefore undefined. Likely top-down selections by consumers of DKIM
> status where the signature verification selects bottom-up leaves
> singleton headers highly prone to trivial exploitation.

+0.75
I prefer requiring the signer to make such a check and then verifying that
the signer had done so. It comes to the same thing, of course (it
establishes that no extra headers had appeared in between, or
alternatively that no malicious signer had failed to make the check). See
wording proposed by Hector and myself.
The benefit of this approach is that we avoid accusations of "layer
violations".
Note also that it is also sufficient to address only this "header
counting" violation of 5322. If any other 5322 violation is present (e.g.
a malformed header, which might be part of some scam) then, assuming that
header has been signed, the evidence of the malformation will be preserved
and its effect will be the same as if such a scam were attempted with
current unsigned messages.
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
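
The verifier-side rule proposed in the quoted text, as an added example that is not part of the original message or of any DKIM implementation: it counts the listed singleton fields, shows the top-down versus bottom-up selection mismatch, and overrides the signature result with PERMFAIL. The function names, the `crypto_result` parameter and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string

# Field names from the proposed Section 6 text; "orig-date" there is the
# RFC 5322 grammar name for the Date: header field.
SINGLETONS = ("date", "from", "sender", "reply-to", "to", "cc",
              "message-id", "in-reply-to", "references", "subject")

# Constructed sample messages (not taken from the thread).
DUPLICATED = (
    "From: first@example.net\n"
    "From: second@example.org\n"
    "To: user@example.com\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)
CLEAN = DUPLICATED.replace("From: first@example.net\n", "")

def duplicated_singletons(raw):
    """Map each singleton field that occurs more than once to its values, top-down."""
    msg = message_from_string(raw)
    found = {}
    for name in SINGLETONS:
        values = msg.get_all(name, [])  # case-insensitive, in message order
        if len(values) > 1:
            found[name] = values
    return found

def selection_mismatch(raw, name):
    """Return (top-down pick, bottom-up pick) for one field.

    The first is what a top-down consumer would select; the second is the
    instance DKIM verification selects first when the field is listed in h=.
    """
    values = message_from_string(raw).get_all(name, [])
    return (values[0], values[-1]) if values else (None, None)

def verifier_result(raw, crypto_result):
    """Apply the proposed rule on top of an already computed signature result.

    crypto_result is an assumed input ("SUCCESS", "PERMFAIL" or "TEMPFAIL");
    signature verification itself is outside this example.
    """
    return "PERMFAIL" if duplicated_singletons(raw) else crypto_result

if __name__ == "__main__":
    print(duplicated_singletons(DUPLICATED))
    print(selection_mismatch(DUPLICATED, "from"))
    print(verifier_result(DUPLICATED, "SUCCESS"), verifier_result(CLEAN, "SUCCESS"))
```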