On 2/1/2024 7:05 PM, John R Levine wrote:
Layering is a fine principle, but it's not how DKIM has ever worked in
practice. Two weeks ago we had a long discussion about oversigning,
so DKIM validators can catch messages with multiple From: or Subject:
headers which have never been valid in any version of 822/2822/5322
but show up anyway.
Please explain how you think DKIM violates layering.
It scans the message; it adds a header field, but it otherwise does not
modify the message. Oversigning affects DKIM processing, itself, but
still does not affect the message itself.
So I don't understand the claim that DKIM does not respect layering.
For the specific issue of bare CR or LF, I was reminded on another
list that there is a trendy attack called SMTP smuggling which depends
on mail software inconsistently accepting bare CR or LF, and mail
providers are busy patching to fix it.
That has nothing to do with DKIM, of course.
So there might well need to be a separate discussion of these concerns,
on emailcore, or the like, but not DKIM.
One hopes that discussion distinguishes between protocol architecture
and details, versus possible implementation problems. (This is where I
cite the workshop some Stanford profs had about problems with TCP and it
turned out it wasn't about the protocol but about an implementation -- a
distinction they seemed not to have made. Since the audience included
Larry Roberts and Barry Leiner, I turned out to offer the softest
criticisms...)
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim