Re: [ietf-dkim] ADSP stats

2011-04-27 19:06:15
Barry,

Ticket #17 was listed as a duplicate of Ticket #4
http://trac.tools.ietf.org/wg/dkim/trac/ticket/17

This is not correct!

The result of Ticket #4 was a change that simply said:
,---
Internationalized domain names MUST be converted as described in Section 
2.3 of [RFC5890] to "A-Labels"
'---

This failed to specify that Fake A-Labels should not be permitted, which 
is the point made by Ticket #17.  RFC5980 introduces restrictions against 
3,329 confusable Unicode points not excluded by RFC3490.  Unless A-label 
validity checks are made by DKIM, it is not reasonable to assume 
RFC5980's added protections are afforded or that it is proper to validate 
this very critical input.  This issue becomes extremely important once 
From domains are displayed using UTF-8.  DKIM should be prepared for 
this imminent change and anticipate the likely "confusable" exploitation 
techniques.

-Doug

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
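
An added example, not part of the original message or of any DKIM implementation: a structural check for the Fake A-labels discussed above, using only the Python standard library. It verifies Punycode round-tripping, NFC form and the leading-combining-mark rule; it does not implement the per-code-point tables of RFC 5892, which need a full IDNA2008 library. The function names `check_label` and `fake_labels` are hypothetical, and the sample domains are constructed.

```python
import re
import unicodedata

# LDH label: letters, digits, hyphen; 1-63 octets; no leading/trailing hyphen.
LDH = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

def check_label(label):
    """Return (ok, reason) for one DNS label (hypothetical helper)."""
    label = label.lower()  # A-labels are compared case-insensitively
    if not LDH.fullmatch(label):
        return False, "not an LDH label"
    if label[2:4] != "--":
        return True, "NR-LDH label"
    if not label.startswith("xn--"):
        return False, "reserved LDH label"
    try:
        # An A-label must decode to a U-label and encode back to itself.
        ulabel = label[4:].encode("ascii").decode("punycode")
        canonical = ulabel.encode("punycode").decode("ascii")
    except UnicodeError:
        return False, "Fake A-label: Punycode does not decode"
    if canonical != label[4:]:
        return False, "Fake A-label: not the canonical encoding"
    if not ulabel or ulabel.isascii():
        return False, "Fake A-label: no non-ASCII code point"
    if not unicodedata.is_normalized("NFC", ulabel):
        return False, "Fake A-label: decoded form is not NFC"
    if unicodedata.category(ulabel[0]).startswith("M"):
        return False, "Fake A-label: leading combining mark"
    # Assumption: RFC 5892 code-point validity is checked elsewhere.
    return True, "structurally valid A-label"

def fake_labels(domain):
    """Return [(label, reason)] for every label of `domain` that fails."""
    checked = [(l, check_label(l)) for l in domain.rstrip(".").split(".")]
    return [(l, reason) for l, (ok, reason) in checked if not ok]

if __name__ == "__main__":
    # Constructed sample domains, e.g. values taken from d= or From.
    for name in ("xn--bcher-kva.example", "xn--bcher-kv.example"):
        print(name, fake_labels(name) or "ok")
```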
