ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Ticket 23 -- l= and Content-type

2011-05-01 16:32:25
Alessandro Vesely wrote:
On 01/May/11 06:18, John R. Levine wrote:
What's your counter-proposal to Alessandro's proposal to modify 9.1.1?
Oh, that.  Replace all of sec 9.1 with:

  "As noted in Section 4.4.5, use of the l= tag enables a variety of
  attacks in which added content can partially or completely changes the
  recipient's view of the message."

I don't think we actually understand all the ways that l= allows you to 
shoot yourself in the foot, so I would prefer not to give the impression 
that if people avoid a few cases we describe, they're safe.

-1, I agree we don't know all the ways DKIM can be fooled.  Neither we
actually saw real attacks in the wild.  We don't even state how to
react to multiple Froms.  Presumably, the wider the DKIM deployment,
the more we'll learn on handling attacks.  However, hiding the few
things we know doesn't seem to be a good start toward such watchful
cooperative deployment.

It appears to me, the current practical use case for l= is for systems 
like an non-DKIM aware MLM that is not stripping and replacing 
signatures. The idea of a non-tampered mail passthru concept. This at 
least should be stated.  For DKIM aware MLM that are resigning, the 
"l=" concern is gone as long as the ODID (Originating Domain Identity) 
accepts the independent MLM DKIM resigning role.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html