ietf-dkim

Re: [ietf-dkim] draft-ietf-dkim-rfc4871bis-07 // Attacks Involving Additional Header Fields

2011-04-25 23:20:51
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org 
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Douglas Otis
Sent: Monday, April 25, 2011 6:33 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org; Barry Leiba; Pete Resnick
Subject: [ietf-dkim] draft-ietf-dkim-rfc4871bis-07 // Attacks Involving
Additional Header Fields

Double listing in the "h=" tag cannot fully mitigate risks related to
appended header fields when messages are signed by a different domain
than the domain found in the appended From header field.

DKIM doesn't create any binding between the RFC5322.From domain and the "d=" 
value as you're doing.  What you're talking about here falls into the realm of 
ADSP or other policy-like assertions, not DKIM itself which is the topic of 
this draft.


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
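
The distinction drawn in the reply above, as an added example that is not part of the original thread: a receiver-side audit that counts From fields against the "h=" list and, as a separate ADSP-style policy step outside DKIM itself, compares each From domain with "d=". The message, the example.* domains, and the names `parse_tags` and `audit` are constructed for illustration; no signature is verified here.

```python
import email
from email.utils import parseaddr

# Constructed sample: signed by d=example.net with "from" listed twice in h=,
# and carrying a second From field whose domain differs from d=.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel;\r\n"
    " h=from:from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "From: alice@example.net\r\n"
    "From: ceo@example.com\r\n"
    "To: bob@example.org\r\n"
    "Subject: hello\r\n"
    "\r\n"
    "body\r\n"
)

def parse_tags(value):
    """Split a DKIM-Signature field value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def audit(raw):
    """Report From/h=/d= facts a receiver can act on before or after verification."""
    msg = email.message_from_string(raw)
    froms = msg.get_all("From", [])
    sig = msg.get("DKIM-Signature")
    tags = parse_tags(sig) if sig else {}
    signed = [h.lower() for h in tags.get("h", "").split(":") if h]
    d = tags.get("d", "").lower()
    from_domains = [parseaddr(f)[1].rpartition("@")[2].lower() for f in froms]
    return {
        "from_count": len(froms),            # RFC 5322 allows exactly one From
        "from_in_h": signed.count("from"),   # how often the signer listed From
        "multiple_from": len(froms) > 1,     # structural check, independent of DKIM
        # Policy-layer check (ADSP sense): From domains that are not the d= domain.
        "unaligned": [dom for dom in from_domains if dom != d],
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```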