[ietf-dkim] mutant message validation

Douglas Otis dotis at mail-abuse.org
Fri Jan 5 18:42:53 PST 2007


On Jan 5, 2007, at 10:45 AM, Hector Santos wrote:

> I am still convinced that most people are not going to sign mail if
> the ROUTE it takes is proven to break the integrity of the mail.

This is a reason to remove from the DKIM base draft the 5.4  
stipulation that the From header MUST be signed.  After all,  
internationalization is likely to cause invalid signatures.  When  
other headers might actually represent the signing-originator, it  
makes little sense for this stipulation, when this then requires  
heuristics to "save" the signature.  This 5.4 statement could be  
changed to indicate that an originating header SHOULD be signed.

Although I am sure your concern is focused upon verification at the  
MTA, protection afforded by DKIM allows the MDA-MUA path to not be  
trusted.  Perhaps at some point a new identity could be included  
within the signature to ensure a discernible linkage between the  
originating header and the signer.

Introducing restrictive policy will only further diminish the success  
rate of otherwise legitimate messages when other headers are not  
accommodated.

Policy that establishes associations with other domains also supports  
opportunistic security, as used with protocols like SSH.  When the
goal is to improve the integrity of mail, allowing autonomous  
associations accommodating all headers offers the only solution that  
may make a genuine improvement.  The base draft's requirements that  
specific headers be signed, and that any header linkage is only  
discernible when domains match, create impediments for the success
rate of legitimate mail.  These dubious requirements are aimed at  
supporting visual recognition, which is perhaps worse than misleading.

-Doug


