On 04.05.2011 21:13, MH Michael Hammer (5304) wrote:
bounces(_at_)mipassoc(_dot_)org] On Behalf Of Dave CROCKER
On 5/4/2011 11:34 AM, Murray S. Kucherawy wrote:
So the issue is that someone might read it as "leave l=<value> out
of what you feed to the hash" versus "hash it, but ignore what it's
telling you"?
If so, I agree, we should fix that.
Seems like the replacement text should be something along the lines of:
Considerations Section 8. To avoid this attack, signers should be
extremely wary of using this tag, and verifiers might wish to ignore
the tag.
To avoid this attack, signers need to be extremely wary of using this
tag, and verifiers might choose to ignore signatures containing it.
I thought we meant "ignore the value that this tag provides"; that is, fail
signatures only if the body length actually changed.
W.r.t. RFC 4871, we only removed the text suggesting to "remove text that
appears after the specified content length" (assuming it grew). So we have a
very poor wording in both documents, pining for arguments among
opposite-minded implementers, one claiming that another is non-compliant.
If this is the sort of advice we are going to give then we should just
deprecate "l=".
+1: it was an error in the PS and the DS fixes it.
Alternatively we can allow it, warn, and expect implementers to code
heuristics that can discern attacks from regular footers.
We can't have both.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html