On Friday, October 08, 2010 01:41:15 pm Murray S. Kucherawy wrote: > > -----Original Message----- > > From: [email protected] > > [mailto:[email protected]] On Behalf Of Scott Kitterman > > Sent: Friday, October 08, 2010 10:01 AM > > To: [email protected] > > Subject: Re: [ietf-dkim] detecting header mutations after signing > > > > > We want to re-submit DKIM Signing to Proposed Standard, in order to fix > > > an edge condition that is only a theoretical issue and only fixes a > > > problem that is actually outside of the scope of what DKIM is trying > > > to achieve? > > > > Detecting modification in transit is outside the scope of what DKIM is > > trying to achieve? > > Doesn't DKIM try to detect modification of the portion covered by the > hashes, which is unchanged in this scenario?
For what I view as a very abstract definition of unchanged, sure. I think adding additional From or Subject does change the content of the message From or Subject. If one takes the view that we've defined things such that this is OK from a protocol definition perspective, so it's not an issue, I think we've lost sight of the original goal of this requirement in the protocol. I think that this can be dealt with through an additional security consideration and doesn't have to disrupt the rush to get this advanced through the standards process. Scott K _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
