On Thu, Nov 1, 2018 at 2:56 AM Rifaat Shekh-Yusef <rifaat.ietf@xxxxxxxxx> wrote:
Section 7.1. Forged Header Fields
In addition to a recommended solution, this section has list a potential
alternative solutions which the document then states that it is not appropriate
for this document to specify which mechanism should be used.
Since an implementer is not expected to do anything with this information, it
might be more appropriate for this to be moved to an appendix at the end of
document.
Implementers need to be aware of these things in order to make informed handling decisions, but we also acknowledge that we can't propose a single solution that will work for all operational environments. That's what this text means to convey.
By my read of RFC3552, that's what this section is for, rather than an appendix.
By my read of RFC3552, that's what this section is for, rather than an appendix.
Section 7.2. Misleading Results, First paragraph, last sentence
"In particular, this issue is not resolved by forged header field removal
discussed above."
which seems to be in conflict with the following statement from section 5:
"For simplicity and maximum security, a border MTA could remove all
instances of this header field on mail crossing into its trust
boundary."
They're not in conflict. Even if I remove all instances of this header field at ingress and then evaluate DKIM (for example), I have no idea if a valid signature from "example.com" should be interpreted such that I trust that message more (or less).
The two paragraphs you're talking about solve different problems.
Section 7.2. Misleading Results, Second paragraph
"Hence, MUAs and downstream filters must take some care with use of
this header even after possibly malicious headers are scrubbed.."
How do you expect an MUA or downstream filter to act on "take some care"?
Can you elaborate on that?
If you are a spammer or malware distributor, you can elicit a DKIM "pass" by simply creating your own domain and signing your bad email with that domain.. The fact that you got a "pass" doesn't tell you anything about which domain's signature succeeded, nor does it confirm the message content is safe or trustworthy in any way.
"take some care" means "keep this in mind while deciding how to render a message to end users, who might not know to even look at this".
7.3. Header Field Position
This section explains that headers fields are *not* guaranteed to be in a
specific order. The section then states that "there will be *some*
indication..."
Since the order is not guaranteed, what do you expect an implementer to take
away from this?
"in the general case" and "but most do not".
So: Most of the time, you can rely on header field ordering to determine the sequence of handling. You are at least certain about whether you can trust the tail end of that, because you know your own environment from the ingress point..
7.8. Intentionally Malformed Header Fields
This is a general issue with any header. Is there anything specific to this
header that an implementer should pay attention to?
No, not really, but at the time this text was originally written (see RFC5451; this is about the fourth version of this material), it was felt this was worth adding.
-MSK
