[ietf-dkim] SSP security relies upon the visual domain appearance

Stephen Farrell stephen.farrell at cs.tcd.ie
Fri Nov 18 08:30:59 PST 2005



John Levine wrote:
>>>The "From:" header should not be signed if it contains more than one 
>>>sending address. ...
> 
> 
>>Does anyone see such a statement as causing a problem?
> 
> 
> I see it as needless and futile micromanagement.  

Pithy. Kind of a needless and futile sentence though:-)

> The point of a DKIM
> signature is that the signer is taking responsibility for the message.
> The only semantics that a DKIM signature has is "blame us if you don't
> like this message."  That's it.
> 
> We don't know all of the reasons that a signer might legitimately want
> to sign multiple From: addresses, nor do we know all of the ways that
> a bad guy might try to trick someone into signing his message, with
> multiple From: addresses being rather low on that list.  

That's fair enough.

> I could easily imagine an SSP-like system limiting itself to a subset
> of otherwise syntactically valid messages, e.g. only one address in
> the From: line, sender matches signer, or any of a host of other
> rules.  But for the basic DKIM, a signer can sign anything he's
> willing to, and please leave it at that.

Yes, that's what we're getting at.

So if, during the threat analysis, we identify some such
constraints that make life easier/better when combined with
some ssp options then we could consider standardising them,
or did you mean that any such constraints should be just up
to the individual implementer/signer?

Stephen.
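
An added example, not part of the original post or of any DKIM implementation: a receiver-side check of the two sample constraints named in the quoted text (one address in From:, From: domain matching the signing domain). It assumes the signature has already been verified elsewhere, reads the signing domain from the `d=` tag of the DKIM-Signature header, and treats "matches" as the same domain or a subdomain of it; the function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses


def dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags


def check_constraints(raw):
    """Evaluate the two example constraints from the thread on one message."""
    msg = message_from_string(raw)
    # Collect every mailbox from every From: field (there may be several).
    addrs = [a for _, a in getaddresses(msg.get_all("From", [])) if a]
    sig = msg.get("DKIM-Signature")
    signer = dkim_tags(sig).get("d", "").lower() if sig else ""
    single = len(addrs) == 1
    matches = False
    if single and signer:
        dom = addrs[0].rsplit("@", 1)[-1].lower()
        # Assumption: "matches" means same domain or a subdomain of d=.
        matches = dom == signer or dom.endswith("." + signer)
    return {"from": addrs, "signer": signer,
            "single_from": single, "from_matches_signer": matches}


# Constructed sample messages; the bh= and b= values are placeholders.
SIG = ("DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
       " h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n")
SAMPLES = {
    "single": SIG + "From: alice@example.com\nSubject: hi\n\nbody\n",
    "multi": SIG + "From: alice@example.com, bob@other.example\n"
                   "Subject: hi\n\nbody\n",
    "third_party": SIG + "From: bob@other.example\nSubject: hi\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_constraints(raw))
```

All three samples carry the same signature header, so only the From: line decides the outcome, which is the distinction the thread draws between what a signer may sign and what a policy layer may accept.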