ietf-dkim

Re: [ietf-dkim] Ticket #24

2011-05-10 22:41:04
To be concise, here are the proposed changes.  The group's preferred
change, #1, is this:

1. Add:
---
6.1.n.  Validate Multiple Header Field Occurrences

Through inadvertence or malice, a message may be received having
multiple occurrences of single only header fields per [RFC5322]. To
provide results upon which subsequent agents can rely, verifiers MUST
detect an invalid number of single only header fields present within the
Signature header field's "h=" list and return PERMFAIL (illegal multiple
header fields).

See Sections 8.14 and 8.15 for further discussion of such attacks.

That asks for a lot, so the group has a second alternative, #2, which
only asks for the "from":

2. Add to 6.1:
---
To provide results upon which subsequent agents can rely, verifiers MUST
detect an invalid number of From header fields and return PERMFAIL
(illegal multiple headers).  [RFC5322] requires there be exactly one
From header field.

See Sections 8.14 and 8.15 for further discussion of header field
considerations.

While I address the other two open tickets, do the IESG writeup, and
otherwise get ready to send 4871bis to the IESG, everyone please take
the time to read Doug's note and weigh in on these two alternatives.
Let us know, in this thread, whether you support one or the other of
them, or whether you prefer the text as it currently is in the -09
version of 4871bis.

If you have anything to say in argument for or against, please keep it
VERY BRIEF.  This is a call for new consensus, and the arguments have
been made at length already.  We need to see rough consensus *for* one
of these changes in order to make them.

I'll let this float for a few days -- I expect to be ready with the
writeup by the middle of next week.

I have the writeup almost ready for the IESG, and this issue has had
enough responses for me to get a clear sense:
The existing text had consensus before, and there is not consensus to
change it now.  The existing text will stay.  I'm closing issue #24 as
"wontfix".

My thanks to Doug, Charles, and Rolf for working out text to support
their position, and thanks to the others for reviewing it and
commenting.

Barry, as chair

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
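
The two checks proposed in the message above (alternative #1 over the single-occurrence fields named in "h=", alternative #2 over From only), as an added example; it is not part of the original message or of 4871bis, and per the message neither change was adopted. The function names, the `None`-on-pass return value, the sample messages, and reading "invalid number" in #1 as "more than one" are assumptions.

```python
from collections import Counter
from email import message_from_string

# Header fields RFC 5322 section 3.6 allows at most once per message.
SINGLETONS = {"date", "from", "sender", "reply-to", "to", "cc", "bcc",
              "message-id", "in-reply-to", "references", "subject"}

def signed_fields(sig_value):
    """Lowercased field names from the h= tag of a DKIM-Signature value."""
    for tag in sig_value.split(";"):
        name, _, value = tag.partition("=")
        if name.strip() == "h":
            return [f.strip().lower() for f in value.split(":") if f.strip()]
    return []

def check_h_list(raw):
    """Alternative #1: fail if a single-occurrence field listed in h= repeats."""
    msg = message_from_string(raw)
    counts = Counter(name.lower() for name in msg.keys())
    for sig in msg.get_all("DKIM-Signature", []):
        if any(f in SINGLETONS and counts[f] > 1 for f in signed_fields(sig)):
            return "PERMFAIL (illegal multiple header fields)"
    return None  # hypothetical "check passed" value

def check_from(raw):
    """Alternative #2: fail unless there is exactly one From header field."""
    msg = message_from_string(raw)
    if len(msg.get_all("From", [])) != 1:
        return "PERMFAIL (illegal multiple headers)"
    return None

def sample(h_list, extra_field):
    """Constructed message: one signature with the given h= list, plus one extra field."""
    return ("DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\n"
            f"\th={h_list}; bh=PLACEHOLDER; b=PLACEHOLDER\n"
            "From: alice@example.com\n"
            "Subject: hello\n"
            f"{extra_field}\n"
            "\n"
            "body\n")

if __name__ == "__main__":
    cases = [("from:subject", "From: other@example.net"),
             ("from:subject", "Subject: second"),
             ("from", "Subject: second")]
    for h_list, extra in cases:
        raw = sample(h_list, extra)
        print(h_list, "|", extra, "| #1:", check_h_list(raw), "| #2:", check_from(raw))
```

The second and third cases show where the alternatives differ: a repeated Subject is caught by #1 only when Subject is in "h=", and never by #2.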
