On Mon, Nov 5, 2018 at 6:59 AM Rifaat Shekh-Yusef <rifaat.ietf@xxxxxxxxx> wrote:
Section 7.2. Misleading Results, Second paragraph
"Hence, MUAs and downstream filters must take some care with use of
this header even after possibly malicious headers are scrubbed.."
How do you expect an MUA or downstream filter to act on "take some care"?
Can you elaborate on that?If you are a spammer or malware distributor, you can elicit a DKIM "pass" by simply creating your own domain and signing your bad email with that domain.. The fact that you got a "pass" doesn't tell you anything about which domain's signature succeeded, nor does it confirm the message content is safe or trustworthy in any way."take some care" means "keep this in mind while deciding how to render a message to end users, who might not know to even look at this".
I guess what I am looking for is a statement about the best case scenario for an MUA to be able to display a message with some confidence given the current state of affair.For example, if there is a valid DKIM, an Authentication-Results header with dkim pass,and the header was provided by a trusted entity?
I would argue that the text that's there does give the best case scenario: Absent a reputation system (which doesn't exist publicly, so the lowest common denominator doesn't have this), it's dangerous for any component of a mail system to trust a message just because some authentication system passed. The "value" of the attesting domain is what matters, and for the most part you don't know what that value is. Really large operators (e.g., Gmail) do have reputation systems, but your typical home open source installation does not.
7.3. Header Field Position
This section explains that headers fields are *not* guaranteed to be in a
specific order. The section then states that "there will be *some*
indication..."
Since the order is not guaranteed, what do you expect an implementer to take
away from this?"in the general case" and "but most do not".So: Most of the time, you can rely on header field ordering to determine the sequence of handling. You are at least certain about whether you can trust the tail end of that, because you know your own environment from the ingress point..
Fair enough; I think it is worth adding this sentence to make it clear.
Doesn't the last sentence of that paragraph already say exactly that?
7.8. Intentionally Malformed Header Fields
This is a general issue with any header. Is there anything specific to this
header that an implementer should pay attention to?No, not really, but at the time this text was originally written (see RFC5451; this is about the fourth version of this material), it was felt this was worth adding.I guess it does hurt to remind implementer to pay attention to this issue, but I think it might be useful to state that there is nothing special about this header to avoid possible question like this in the future.
Adjusted the text accordingly.
-MSK
