On 6/4/2013 4:51 PM, Douglas Otis wrote:
Of course it is incorrect for a DKIM signature to be valid when a
message has multiple From header fields.
You lost that debate in the working group. Multiple times.
Saying "of course" at the beginning of your claim does not make you win
the argument.
DKIM was intended not to require ANY change of other mail components.
None.
It doesn't.
When the DKIM signature is trusted and changes how the message is
handled, it would be wrong to suggest special consideration is then
given other message fragments.
So it's a good thing the DKIM spec doesn't do that.
In addition, recipients will not see the
signature header field nor should they be expected to understand what it
contains. They will see and understand the From header field however.
Quite possibly.
And it's why the DKIM signing specification says:
3.8. Input Requirements
A message that is not compliant with [RFC5322], [RFC2045], and
[RFC2047] can be subject to attempts by intermediaries to correct or
interpret such content. See Section 8 of [RFC4409] for examples of
changes that are commonly made. Such "corrections" may invalidate
DKIM signatures or have other undesirable effects, including some
that involve changes to the way a message is presented to an end
user.
Accordingly, DKIM's design is predicated on valid input.
Of course dkim=pass is placed in an Authentication-Results header where
many suggest this indicates the message has been "authenticated"!
So, you are criticizing the DKIM Signature specification for wording in
a separate specification that was developed independently?
You made your case for this at least twice to the working group and
at least once more to the IETF community during Last Call of the draft
that became RFC 6376. Your opinion wasn't agreed with: you were "in
the rough". You're now bringing it up a fourth time (at least), and
you still appear to be in the rough. The decision was to allow the
verifier to decide how to handle this.
You and Dave Crocker made assurances this issue would not be abused.
Please document that claim.
It
is being abused
Please document that claim, and more importantly please substantiate the
implication that it is causing a problem in the operation of Internet mail.
and NO other protocol layer ensures message structures
are valid.
Perhaps you have heard of RFC5322 and MIME? Those are the
specifications that define valid message formats. Software that
implements those specs ensures message structure validity.
Your issue is with software that enforces those standards -- or doesn't
-- rather than a separate specification that calls on them.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net