I am perfectly happy with Murray's original (and now, revised) text. (Nits still being discussed are entirely up to the WG.) I am not happy with Charles's text. Particularly:
On 7/7/11 5:08 AM, Charles Lindsey wrote:

> Recall that, when multiple instances of a given header field are
> present, they are signed starting with the last one and working
> upwards (section 5.4.2). This DKIM feature can be deployed to mount a
> variety of attacks against the email system. In some, the attacker is
> also the signer, signing the second of some duplicated field on
> behalf of his own domain, whilst hoping that some lenient MUA will
> display only the first. In others, a genuine signature from the
> domain under attack is obtained by legitimate means, but extra header
> fields are then added, either by interception or by replay.

It seems like this text is tailor-made to obfuscate who is doing the attacking and who is being attacked. It's this distinction that I think is the most important to make, and the above text simply does not clarify; it muddies the waters.

DKIM can only be "deployed to mount a variety of attacks" if the recipient has already made the fatal mistake of assuming that the existence of a cryptographically valid signature *means* that the message is reliable and from a known "good" sender. You could have a longer and more detailed discussion in the document about how broken it is for a recipient to do such a thing, and put *that* into the security consideration, but I don't think it's necessary. The above can only obfuscate that very important point, making it out as if it's something in the DKIM signing/verifying process that caused the problem.

pr
-- 
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
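The header-selection rule the quoted text refers to (section 5.4.2 of the DKIM spec, RFC 6376 in its published form: when a field name in h= occurs more than once, instances are taken from the physically last one working upward) and the over-signing defence the same section permits, as an added example written for this page. This is not code from the thread, from the draft under discussion, or from any DKIM implementation. The message, the h= tags and the key are constructed; an HMAC stands in for the RSA signature, and the body hash and the DKIM-Signature header itself are left out, since only the header selection matters for the duplicate-From case.

```python
import hashlib
import hmac
import re

# Constructed sample message (not from the original thread), headers kept
# in wire order, top to bottom.
GENUINE_HEADERS = [
    ("From", "Alice <alice@example.com>"),
    ("To", "Bob <bob@example.net>"),
    ("Subject", "Invoice"),
]

# Stand-in for the signer's private key.  Real DKIM signs the header hash
# with RSA (or Ed25519); HMAC keeps this example self-contained.
SIGNING_KEY = b"example-only-secret"


def relaxed_header(name: str, value: str) -> str:
    """Relaxed header canonicalization (lower-case name, unfold, collapse WSP)."""
    name = name.lower()
    value = value.replace("\r\n", "")              # unfold
    value = re.sub(r"[ \t]+", " ", value).strip()  # collapse and trim WSP
    return f"{name}:{value}\r\n"


def select_headers(headers, h_tag):
    """Section 5.4.2 selection: for each name in h= (in order) take the
    physically LAST not-yet-used instance of that field.  A name listed more
    times than it occurs selects nothing (returned as None), which the hash
    treats as the null string; that is what over-signing relies on."""
    used = set()
    selected = []
    for wanted in h_tag.split(":"):
        wanted = wanted.strip().lower()
        for idx in range(len(headers) - 1, -1, -1):
            if idx not in used and headers[idx][0].lower() == wanted:
                used.add(idx)
                selected.append(headers[idx])
                break
        else:
            selected.append(None)
    return selected


def header_hash_input(headers, h_tag) -> str:
    """Concatenation of the selected, canonicalized headers."""
    return "".join(relaxed_header(*h)
                   for h in select_headers(headers, h_tag) if h is not None)


def sign(headers, h_tag) -> str:
    return hmac.new(SIGNING_KEY, header_hash_input(headers, h_tag).encode(),
                    hashlib.sha256).hexdigest()


def verify(headers, h_tag, sig) -> bool:
    return hmac.compare_digest(sign(headers, h_tag), sig)


def lenient_mua_from(headers):
    """A lenient MUA that displays the FIRST From: it sees."""
    for name, value in headers:
        if name.lower() == "from":
            return value
    return None


def duplicate_from_attack(h_tag) -> bool:
    """Sign the genuine message with the given h=, then prepend a forged
    From: (as an interceptor or replayer would) and re-verify.  True means the
    signature still validates even though the MUA now shows the forged From:."""
    sig = sign(GENUINE_HEADERS, h_tag)
    forged = [("From", "Alice <alice@attacker.example>")] + GENUINE_HEADERS
    assert lenient_mua_from(forged) == "Alice <alice@attacker.example>"
    return verify(forged, h_tag, sig)


if __name__ == "__main__":
    # Plain h=: the verifier hashes the physically last (genuine) From:, so
    # the signature survives the added header.
    print("h=from:to:subject      verifies after forgery:",
          duplicate_from_attack("from:to:subject"))
    # Over-signed h=: the second "from" now selects the forged header and
    # the hash changes, so the signature fails.
    print("h=from:from:to:subject verifies after forgery:",
          duplicate_from_attack("from:from:to:subject"))
```

The example only shows the mechanics: the signature stays cryptographically valid in the first case, and whether that is an "attack" depends entirely on what the recipient infers from a valid signature, which is the point at issue in the reply above.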
