I want to try to be precise, which I don't think Charles is being with
his below two sets of "facts". Let me try to clarify:

On 7/8/11 5:52 AM, Charles Lindsey wrote:
> 1. The fact that DKIM chooses headers to sign from the bottom up (for good
> reason) facilitates certain attacks (not against DKIM, but certainly
> against someone/something) needs to be drawn to the attention of
> implementors of identity assessors, so that they can take appropriate
> action.

What Charles has written above is not true, or at the very least
extremely imprecise and confusing. Try this:

1a. The fact that DKIM signers can (optionally) sign a message in such a
way that header fields can be added to the top of the message by
intermediaries without invalidating the signature means that unsigned
header fields can appear at the top of a validly signed message needs to
be drawn to the attention of implementors...

1b. The fact that DKIM signers can sign header fields with all manner of
unverified data in them, including header fields that might violate the
syntax requirements of RFC 5322, without invalidating the signature
means that header fields with unverified data can appear in a validly
signed message needs to be drawn to the attention of implementors...

I *believe* what I said contains all of the information that Charles
wrote in his #1. If I missed something, please say.

But I also believe that the current security considerations section
*says* all that. If you think it doesn't capture something in the above
two statements, please say.

> 2. The fact that an attacker (whilst following DKIM to the letter) can use
> it, in conjunction with duplicated headers, to add credence to his message
> also needs to be drawn to their attention.

That one is simply bogus. The document repeatedly (and correctly) states
that having a DKIM signature *does not*, and *ought not*, in and of
itself, add any credence to a message. If that needs to be made clearer,
I'm all for it. But I think it is currently perfectly clear in the document.

In any event, neither of Charles's suggested additions captured what I
have written above. I believe the current text does.

pr
--
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102
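
An added illustration of point 1a above, not part of the original message and not taken from any DKIM implementation: a check an identity assessor could run to see which header field instances the `h=` tag actually covers, using DKIM's bottom-up selection. The function names and the sample header block are constructed for this example, and the header list is assumed to exclude the DKIM-Signature field being verified.

```python
from collections import defaultdict


def covered_instances(headers, h_tag):
    """Return the indexes into `headers` that the signature hash covers.

    headers: list of (name, value) in message order, top-most first,
             excluding the DKIM-Signature field being verified.
    h_tag:   the h= value of that signature, e.g. "from:subject:date".
    """
    # Record the position of every instance of each field name.
    positions = defaultdict(list)
    for idx, (name, _value) in enumerate(headers):
        positions[name.lower()].append(idx)

    covered = set()
    for name in (n.strip().lower() for n in h_tag.split(":")):
        # Each h= entry consumes the lowest instance not yet consumed.
        # An entry with no instance left is hashed as the null string,
        # so it covers nothing here.
        if positions[name]:
            covered.add(positions[name].pop())
    return covered


def unsigned_fields(headers, h_tag):
    """List (index, name) for every header instance outside the signature."""
    covered = covered_instances(headers, h_tag)
    return [(i, name) for i, (name, _v) in enumerate(headers) if i not in covered]


# Constructed sample: a second From field sits above the signed one.
SAMPLE = [
    ("From", "second@example.net"),
    ("Received", "from relay.example.org by mx.example.com"),
    ("From", "first@example.com"),
    ("Subject", "hello"),
    ("Date", "Mon, 1 Jan 2024 00:00:00 +0000"),
]

if __name__ == "__main__":
    # h= names From once: only the bottom From is covered.
    print(unsigned_fields(SAMPLE, "from:subject:date"))
    # h= names From twice: both instances feed the hash, so a From added
    # after signing would make verification fail instead of going unnoticed.
    print(unsigned_fields(SAMPLE, "from:from:subject:date"))
```

An assessor that displays or scores the From field can use the first result to decide whether the instance it is about to trust is one the signer actually signed.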