-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Charles
Lindsey
Sent: Wednesday, June 29, 2011 9:20 AM
To: DKIM
Subject: Re: [ietf-dkim] Pete's review of 4871bis
I agree that 8.14 is poorly written (and it was even worse a while back).
However, there most certainly IS an attack here, which is NOT the same as
the related attack discussed in 8.15, and cannot be prevented by putting
extra entries in the 'h=' tag. Unfortunately, many WG members have failed
to understand the difference between the two.
That's a mischaracterization of the objection. "h=from:from:..." was not meant
to address the attack about which you are complaining.
In my opinion, there needs to be some REQUIRED action in the verifier which
will result in a PERMFAIL, and which would then catch all attacks of this
nature. But the WG consensus has been against this.
This was discussed ad nauseam. The consensus reached was that DKIM is the
wrong place to enforce compliance of RFC5322. Rather, we stipulate that we
expect those modules to do their jobs properly.
Nobody has said either of the two variants of this attack are not valid
concerns. The dispute is about what module in the handling of a message is
responsible for detecting and dealing with it.
Since the problem exists even with a message that is not DKIM-signed, I still
fail to understand how this is specifically a DKIM problem.
-MSK
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html