ietf-dkim

Re: [ietf-dkim] DKIM Scouts, was 8bit downgrades

2011-05-24 18:52:47
Franck Martin wrote:

Steve Atkins mentioned:
This (entirely RFC valid yet completely broken) behaviour has bitten me
a couple of times.

Hector followed up: 
+1

If everyone (mail transport/mail handlers) just followed the basic
mail networking principle of:

    Thou should not touch passthru mail (except for network traces)

Are there the same issues with PGP or S/Mime email?

RFC3851 (S/MIME) states this under the security section:

    Modification of the ciphertext can go undetected if authentication is
    not also used, which is the case when sending EnvelopedData without
    wrapping it in SignedData or enclosing SignedData within it.

IMO, with the known issues in the wild related to using MIME parts, I 
would say yes.  Since our MSA/MDA/MTA does not tamper with passthru 
mail and since we never heard of a complaint, it will suggest it 
didn't cause problems for any customer either. My general point is 
based on painful experiences learned with multiple different mail 
networking software (old and new) and the common and basic long 
traditional rule of thumb was to refrain from screwing around with 
passthru mail and when followed, things generally worked better, there 
were fewer issues, fewer surprises and future things would basically fit 
right in.

With new needs such as EAI (internationalization) and DKIM 
(authentication), it is highlighting the cases where certain methods 
in the network were not ideal.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
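
The effect the thread's subject line refers to, as an added example that is not part of the original message: a relay that re-encodes an 8bit body as quoted-printable changes the DKIM body hash under both canonicalizations, while relaxed canonicalization only tolerates whitespace changes. The sample message and all function names are constructed for illustration; SHA-256 and the RFC 6376 body canonicalization rules are assumed.

```python
import base64
import hashlib
import quopri
import re


def canonicalize_body(body: bytes, mode: str = "relaxed") -> bytes:
    """RFC 6376 section 3.4.3 (simple) / 3.4.4 (relaxed) body canonicalization."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of WSP to one SP, then drop WSP at end of line.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":      # ignore empty lines at end of body
        lines.pop()
    if not lines:                           # empty body: CRLF (simple) or nothing
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"


def body_hash(body: bytes, mode: str = "relaxed") -> str:
    """Value a signer would place in the bh= tag (SHA-256, base64)."""
    digest = hashlib.sha256(canonicalize_body(body, mode)).digest()
    return base64.b64encode(digest).decode("ascii")


def downgrade_to_qp(body: bytes) -> bytes:
    """Relay behaviour when the next hop lacks 8BITMIME: re-encode each line."""
    return b"\r\n".join(quopri.encodestring(ln) for ln in body.split(b"\r\n"))


def restore_from_qp(body: bytes) -> bytes:
    return b"\r\n".join(quopri.decodestring(ln) for ln in body.split(b"\r\n"))


# Constructed sample body, signed while still 8bit UTF-8.
ORIGINAL = "Grüße aus Köln\r\nSee you at the meeting.\r\n".encode("utf-8")


def survey(original: bytes) -> dict:
    """For each in-transit change, does bh= still verify per canonicalization?"""
    qp = downgrade_to_qp(original)
    variants = {
        "untouched": original,
        "trailing space added": original.replace(b".\r\n", b". \r\n"),
        "8bit->QP downgrade": qp,
        "QP decoded again": restore_from_qp(qp),
    }
    return {name: {m: body_hash(b, m) == body_hash(original, m)
                   for m in ("simple", "relaxed")}
            for name, b in variants.items()}


if __name__ == "__main__":
    for change, ok in survey(ORIGINAL).items():
        print(f"{change:22} simple={ok['simple']!s:5} relaxed={ok['relaxed']}")
```
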


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html