ietf

Re: Review of: draft-otis-dkim-harmful

2013-06-04 12:20:14

> Of course it is incorrect for a DKIM signature to be valid when a message
> has multiple From header fields.  DKIM requires AT LEAST the From header
> field to be the minimal portion of the message signed.  Every other part of
> the message is optional.


In retrospect, I think that requirement was a mistake, because it
encourages misunderstandings such as yours.  Whether or not a header field
is signed has nothing whatever to do with the validity of the signature or
the fact that the signature attaches the d= domain to the message.

Having an (extra) unsigned From should no more invalidate the signature
than having an unsigned Subject should.

But the information that there's a valid signature and an unsigned
<whatever> header field can certainly be two pieces of information that are
passed to an evaluator, which decides what to do with the message.


> DKIM does NOT score messages.  Either the signature is valid or not.  The
> spec wrongly justifies allowing invalid repeated headers to result in a
> DKIM signature verified as valid.


Indeed; the signature is valid.  That and the list of what bits are covered
by the signature are the two things that DKIM provides.  An evaluator built
on top of DKIM can use that information in any way it likes, including
throwing away the DKIM validation if certain header fields weren't covered.
That was the working group's decision, which you don't seem to accept.  As
I said, you're in the rough on that.

> You and Dave Crocker made assurances this issue would not be abused.


That's not an accurate characterization.  No one made any "assurances";
certainly I didn't, as chair.
The working group understood the potential for abuse.  The working group
decided that the risk of abuse and damage from that abuse was less than the
problems that would be caused by the proposed fixes.  The text that's in the
document was put there to explain the problem, and to allow implementors to
address it if they want to (or think they need to).


> Putting people at risk in some race to obtain Standard status can not be
> justified.  Getting this right is far far more important.


Getting it right is, indeed, important, and the working group does think it
got it right.  The rest of that is hyperbole, as best I can tell.  I see no
evidence that has been presented that shows me how this puts people at
risk.  (And remember that DKIM provides a relatively low level of security,
and is meant to be used as one piece of information that forms a *part* of
an overall system.)

Barry
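The point of contention above is what a DKIM h= tag actually binds: per RFC 6376 section 5.4.2 each name in h= selects one header instance, counting from the bottom of the header block up, so a From field added above the signature after signing is simply not covered, and the signature still verifies. The same section offers the mitigation the working group chose to leave to signers (listing From more times than it occurs, so the absent instance is bound) and the reply describes the evaluator policy of discarding the DKIM result when a critical field is not covered. The following example, added here and not code from the thread or from any DKIM implementation, models all three on a constructed header set; the header values, the function names and the simplified "simple"-canonicalization hash input (which omits the trailing DKIM-Signature field a real verifier appends) are assumptions for illustration.

```python
"""Which header instances does a DKIM h= tag cover, and what should an
evaluator do with an unsigned From?  Added example; not the thread's or
any library's code.  Models RFC 6376 5.4.2 instance selection, the
evaluator policy described in the reply, and From oversigning."""

# Constructed sample headers in message (top-to-bottom) order.  The top
# From was added above the DKIM-Signature after signing, so it is not
# covered.  bh= and b= are placeholders, not real values.
SAMPLE_HEADERS = [
    ("From", "someone-else@example.net"),
    ("DKIM-Signature", "v=1; a=rsa-sha256; d=example.com; s=sel; "
                       "h=From:To:Subject:Date; bh=PLACEHOLDER; b=PLACEHOLDER"),
    ("From", "alice@example.com"),
    ("To", "bob@example.org"),
    ("Subject", "hello"),
    ("Date", "Tue, 04 Jun 2013 12:20:14 -0400"),
]
SAMPLE_SIG_INDEX = 1


def parse_h_tag(signature_value):
    """Return the header names listed in the h= tag of a DKIM-Signature value."""
    for tag in signature_value.split(";"):
        name, _, value = tag.partition("=")
        if name.strip().lower() == "h":
            return [n.strip() for n in value.split(":") if n.strip()]
    return []


def select_signed_instances(headers, h_names, sig_index):
    """RFC 6376 5.4.2 selection: each name in h=, in order, takes the lowest
    not-yet-taken instance of that field.  Returns header indexes parallel
    to h_names; None where the name is listed more times than instances
    exist (oversigning, which binds the absence of a further instance)."""
    available = {}
    for i, (name, _) in enumerate(headers):
        if i == sig_index:   # the signature being verified is never selectable via h=
            continue
        available.setdefault(name.lower(), []).append(i)
    selected = []
    for name in h_names:
        instances = available.get(name.lower(), [])
        selected.append(instances.pop() if instances else None)
    return selected


def signed_header_block(headers, sig_index):
    """Simplified header hash input: the selected fields in h= order using
    'simple' canonicalization (name, colon, space, value, CRLF).  A None
    selection contributes nothing (RFC 6376 3.7).  The DKIM-Signature field
    itself, which a real verifier appends last, is omitted here."""
    h_names = parse_h_tag(headers[sig_index][1])
    parts = []
    for idx in select_signed_instances(headers, h_names, sig_index):
        if idx is not None:
            name, value = headers[idx]
            parts.append(f"{name}: {value}\r\n")
    return "".join(parts)


def evaluate(headers, sig_index, critical=("from",)):
    """Evaluator policy from the reply: given a (presumed valid) signature,
    list the unsigned header instances and decide whether the DKIM result
    is usable.  'discard' means an instance of a critical field (From by
    default) is not covered, so the result must not be relied on."""
    h_names = parse_h_tag(headers[sig_index][1])
    covered = {i for i in select_signed_instances(headers, h_names, sig_index)
               if i is not None}
    unsigned = [i for i in range(len(headers)) if i != sig_index and i not in covered]
    critical_unsigned = [i for i in unsigned if headers[i][0].lower() in critical]
    return {
        "unsigned": [headers[i][0] for i in unsigned],
        "critical_unsigned": [headers[i] for i in critical_unsigned],
        "verdict": "discard" if critical_unsigned else "usable",
    }


def oversigned(headers, sig_index):
    """Copy of headers whose signature lists From twice (h=From:From:...),
    the RFC 6376 5.4.2 mitigation: the second slot binds the absence of a
    second From, so a From added later changes the hash input."""
    name, value = headers[sig_index]
    out = list(headers)
    out[sig_index] = (name, value.replace("h=From:", "h=From:From:", 1))
    return out


if __name__ == "__main__":
    print(evaluate(SAMPLE_HEADERS, SAMPLE_SIG_INDEX))
    as_signed = SAMPLE_HEADERS[1:]          # the message before the extra From was added
    # Without oversigning the hash input is identical with or without the extra From:
    print(signed_header_block(as_signed, 0) == signed_header_block(SAMPLE_HEADERS, 1))
    # With From:From the extra From enters the hash input and verification would fail:
    over = oversigned(SAMPLE_HEADERS, 1)
    print(signed_header_block(over[1:], 0) == signed_header_block(over, 1))
```

Running it shows the two halves of the argument side by side: with h=From:To:Subject:Date the signed header block is byte-identical before and after the extra From is added, so the signature stays valid and only the evaluator's coverage check ("discard") catches it; with h=From:From:To:Subject:Date the added From is selected into the block, so the signature itself would no longer verify.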