I've cogitated on this a bit and spoken with a few knowledgeable people. I'm an operations guy and only marginally a standards wonk.
So, my belief is that this is really more of a 5322 issue than a 4871 issue. Having said that, I'm not comfortable kicking the can down the road given that what we know, this potentially leads to abuse. If the message is malformed and nonconforming then would it be appropriate to treat the malformed message as no signature? This would be one approach that appears consistent with 4871 yet this grinds on me because it means we are saying that a malformed message with a signature is the same as a conforming signature with no signature. We also have to consider that verifier may be an MTA or an MUA. The implications (operationally) are different for each case. It has also been pointed out to me that a mail implementation may try to fix a malformed message. Regardless of my belief that this is a 5322 issue, my personal preference would be for DKIM verifiers to not validate malformed messages with an outcome of something along the lines of "unable to validate due to malformed message". I view this as different than DKIM none. This is perhaps more of an operations perspective. Just a few poorly expressed thoughts and lacking a concrete recommendation that is actionable. Mike > -----Original Message----- > From: [email protected] [mailto:ietf-dkim- > [email protected]] On Behalf Of Murray S. Kucherawy > Sent: Wednesday, October 06, 2010 1:22 AM > To: [email protected] > Subject: Re: [ietf-dkim] THIS IS A MULTIPLE 5322.FROM MESSAGE > > > -----Original Message----- > > From: [email protected] [mailto:ietf-dkim- > [email protected]] On Behalf Of Mark Delany > > Sent: Tuesday, October 05, 2010 8:06 PM > > To: [email protected] > > Subject: Re: [ietf-dkim] THIS IS A MULTIPLE 5322.FROM MESSAGE > > > > There was an assertion in RFC4780 about "conforming emails" that must > > only have a single 2822.From header. That got lost in the translation > > to 4781 I guess. Unfortunately, 4780 failed to specify what > > "conforming" means explicitly. > > > > I also know that this WG has repeatedly stated that messages that are > > not within standard MUST fail verification. > > > > That this is not in 4871 seems to be mostly a WG assumption that > > should be made explicit. > > I think several of us thought it was in there, but on review it apparently > was indeed lost somewhere along the way. We've certainly, as I understand > it, been proceeding from that assumption for a very long time. > > I like the idea of saying so explicitly in 4871bis, and applying it both > to signers and to verifiers. > > I don't like the idea of being any more specific than that. That is, I > don't want to create specific text for specific cases we know about > because that means anything we don't list could be perceived as less > critical. A blanket admonishment to implementers is sufficient and > appropriate. > > _______________________________________________ > NOTE WELL: This list operates according to > http://mipassoc.org/dkim/ietf-list-rules.html _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
