
Re: draft-allman-dkim-base-00 6.6: Advice given would invalidate the DKIM signature.

2005-07-20 10:45:19

On July 20, 2005 at 10:22, Thomas Roessler wrote:

In section 6.6, rewriting the From header is suggested as a way to
signal inconsistencies -- such as the ones that could be expected
when messages are forwarded through a mailing list -- to user
agents.

And the rewriting also appears to be an attempt to avoid malicious
domains from spoofing addresses.

According to section 5.2.2, signing the From header is mandatory.
Hence, if the advice from section 6.6 was applied, DKIM signatures
would be invalidated.  User agents would no longer be able to verify
the binding between the signing address (if different from the From
address) and the message.

Good point.

More thought is definitely needed here since there are definite
security implications.  I made a suggestion about having
a DKIM-From in a separate post discussing sender spoofing, but
I'm unsure how it will be received.

--ewh
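Working through the point raised in this message as an added example (not code from the draft or from anyone on the list): a toy DKIM-style header signer with From in the h= list, where a relay that merely adds an unsigned header leaves the signature intact, but a relay that rewrites From (the section 6.6 advice) breaks verification. The HMAC stand-in for RSA and the simplified relaxed-style canonicalization are assumptions of the example.

```python
import hashlib
import hmac
import re

# Constructed shared secret standing in for the signer's private key; real DKIM
# signs with RSA, the HMAC is only an added simplification for this example.
SECRET = b"constructed-example-key"

def canonicalize_header(name, value):
    """Simplified relaxed-style canonicalization: lowercase the field name,
    unfold continuation lines, collapse whitespace runs, strip the ends."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)
    value = re.sub(r"[ \t]+", " ", value).strip()
    return f"{name.lower()}:{value}"

def header_hash_input(headers, h_list):
    """Bytes covered by the signature: exactly the fields listed in h=, in order.
    Fields not listed (List-Id, Received, ...) contribute nothing."""
    return "\r\n".join(canonicalize_header(n, headers[n]) for n in h_list).encode()

def sign_headers(headers, h_list):
    return hmac.new(SECRET, header_hash_input(headers, h_list), hashlib.sha256).hexdigest()

def verify_headers(headers, h_list, signature):
    return hmac.compare_digest(sign_headers(headers, h_list), signature)

# Constructed sample message as it left the signing domain.
ORIGINAL = {
    "From": "Alice <alice@example.com>",
    "Subject": "Re: draft review",
    "Date": "Wed, 20 Jul 2005 10:22:00 +0000",
}
# From is mandatory in h= (draft section 5.2.2); Subject and Date are signed too.
H_LIST = ["From", "Subject", "Date"]

def relay_adds_header(headers, name, value):
    """A list adding an unsigned header leaves the signed input untouched."""
    return {**headers, name: value}

def relay_rewrites_from(headers, new_from):
    """Rewriting From (the section 6.6 advice) changes a signed field."""
    return {**headers, "From": new_from}

if __name__ == "__main__":
    sig = sign_headers(ORIGINAL, H_LIST)
    print("original verifies:", verify_headers(ORIGINAL, H_LIST, sig))
    relayed = relay_adds_header(ORIGINAL, "List-Id", "<ietf-mailsig.example>")
    print("with List-Id added:", verify_headers(relayed, H_LIST, sig))
    rewritten = relay_rewrites_from(ORIGINAL, "list <list@example.org>")
    print("with From rewritten:", verify_headers(rewritten, H_LIST, sig))
```

Only whitespace changes inside a signed field survive, because the canonicalization absorbs them; any change to the From value itself fails verification.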
