Michael Thomas wrote: > On 10/05/2010 01:36 PM, John Levine wrote: >>> Still, though, it's a solution to deal with malformations to which >>> MUAs are susceptible, and not strictly a DKIM problem. >> Would it be a good idea to recommend in 4871bis that DKIM >> implementations should not sign or verify invalid messages? I >> cheerfully admit that I haven't thought out all the implications >> thereof. > > I'd suggest that it would be better to take that up with > rfc5822-bis since this is hardly a dkim-specific problem.
In my engineering opinion, it was a security hole that fell through the cracks during the development of the RFC 4886 Threat Analysis. If it was presented back then, we would be dealing with the semantics as I propose to deal with it simply because we can't ignore it or blame RFC 822/2822/5322 implementation or MUAs. This is a DKIM issue and it needs to get addressed. Any system today that displays: signed by: but displays a spoofed 2nd From can produce a major confidence problem for DKIM. I have a problem understanding the blow back to the security issue. 4871bis is active. Something needs to be added to 4871bist so that implementations and operators are made aware of it, now and into the future. I highly recommend that the key editors embrace this and deal with it or risk negative DKIM public relations if this gets into the media or into the mind set of any hackers and potential DKIM exploiters. You need to deal with it. Not ignore it or pass the buck to other layers of email. -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com [1] http://tools.ietf.org/html/rfc4686 _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html