> -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Charles Lindsey > Sent: Wednesday, June 29, 2011 9:20 AM > To: DKIM > Subject: Re: [ietf-dkim] Pete's review of 4871bis > > I agree that 8.14 is poorly written (and it was even worse a while back). > However, there most certainly IS an attack here, which is NOT the same as > the related attack discussed in 8.15, and cannot be prevented by putting > extra entries in the 'h=' tag. Unfortunately, many WG members have failed > to understand the difference between the two.
That's a mischaracterization of the objection. "h=from:from:..." was not meant to address the attack about which you are complaining. > In my opinion, there needs to be some REQUIRED action in the verifier which > will result in a PERMFAIL, and which would then catch all attacks of this > nature. But the WG consensus has been against this. This was discussed ad nauseam. The consensus reached was that DKIM is the wrong place to enforce compliance of RFC5322. Rather, we stipulate that we expect those modules to do their jobs properly. Nobody has said either of the two variants of this attack are not valid concerns. The dispute is about what module in the handling of a message is responsible for detecting and dealing with it. Since the problem exists even with a message that is not DKIM-signed, I still fail to understand how this is specifically a DKIM problem. -MSK _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
