Re: Review of: draft-otis-dkim-harmful

> Of course it is incorrect for a DKIM signature to be valid when a message has multiple From header fields.  DKIM requires AT LEAST the From header field to be the minimal portion of the message signed.  Every other part of the message is optional.

In retrospect, I think that requirement was a mistake, because it encourages misunderstandings such as yours.  Whether or not a header field is signed has nothing whatever to do with the validity of the signature or the fact that the signature attaches the d= domain to the message.

Having an (extra) unsigned From should no more invalidate the signature than having an unsigned Subject should.

But the information that there's a valid signature and an unsigned <whatever> header field can certainly be two pieces of information that are passed to an evaluator, which decides what to do with the message.
 
> DKIM does NOT score messages.  Either the signature is valid or not.  The spec wrongly justifies allowing invalid repeated headers to result in a DKIM signature verified as valid.

Indeed; the signature is valid.  That and the list of what bits are covered by the signature are the two things that DKIM provides.  An evaluator built on top of DKIM can use that information in any way it likes, including throwing away the DKIM validation if certain header fields weren't covered.  That was the working group's decision, which you don't seem to accept.  As I said, you're in the rough on that.

> You and Dave Crocker made assurances this issue would not be abused.

That's not an accurate characterization.  No one made any "assurances"; certainly I didn't, as chair.
The working group understood the potential for abuse.  The working group decided that the risk of abuse and damage from that abuse was less than the problems that would be caused by the proposed fixes.  The text that's in the document was put there to explain the problem, and to allow implementors to address it if they want to (or think they need to).
 
> Putting people at risk in some race to obtain Standard status can not be justified.  Getting this right is far far more important.

Getting it right is, indeed, important, and the working group does think it got it right.  The rest of that is hyperbole, as best I can tell.  I see no evidence that has been presented that shows me how this puts people at risk.  (And remember that DKIM provides a relatively low level of security, and is meant to be used as one piece of information that forms a *part* of an overall system.)

Barry  
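
Added example, not part of the original message: a sketch of the header-coverage information an evaluator built on top of DKIM could receive alongside the verification result, here flagging header fields (including an extra From) that the signature's h= tag does not cover. The names `parse_tags`, `coverage_report` and `SAMPLE` are hypothetical, the message is constructed, and the code does not verify the signature itself.

```python
from collections import Counter
from email import message_from_string

# Constructed sample: two From fields, one DKIM-Signature whose h= lists From once.
# The bh=/b= values are placeholders; this code does not verify the signature.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;
 h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: First <first@example.net>
From: Second <second@example.com>
To: rcpt@example.org
Subject: hello
Date: Thu, 1 Jan 2015 00:00:00 +0000

body
"""

def parse_tags(value):
    """Split a DKIM-Signature field value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def coverage_report(raw_message):
    """For each DKIM-Signature, list d= and the header fields h= does not cover."""
    msg = message_from_string(raw_message)
    present = Counter(name.lower() for name in msg.keys())
    present.pop("dkim-signature", None)
    reports = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(str(sig))
        # Each name in h= covers one instance of that field, so a field that
        # occurs more often than it is listed has uncovered instances.
        signed = Counter(h.lower() for h in tags.get("h", "").split(":") if h)
        unsigned = {n: c - signed[n] for n, c in present.items() if c > signed[n]}
        reports.append({"d": tags.get("d"), "unsigned": unsigned})
    return reports

if __name__ == "__main__":
    for report in coverage_report(SAMPLE):
        print(report)
```

An evaluator can combine this report with the valid/invalid result and apply its own policy, for example discounting a valid signature when `unsigned` contains `from`.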
