[ietf-dkim] Not an issue: multiple From headers
Roland Turner
roland.turner at boxsentry.com
Wed Jun 25 13:48:05 PDT 2008
On Wed, 2008-06-25 at 13:13 -0400, J D Falk wrote:
> On 19/06/2008 18:28, "Murray S. Kucherawy" <msk at sendmail.com> wrote:
>
> >> My theory is that DKIM only applies to valid 2822 messages, and
> it's not
> >> a substitute for a sanity check for all the screwy things one can
> send
> >> in a non-conformant message. Perhaps it would be a good idea
> someday to
> >> collect experience and advice into an implmentation guide, but
> other
> >> than that, it's not our problem. Agreed?
> >
> > +1,
>
> +1
>
> > and I would go even further to say that we should have an errata
> item
> > against RFC4871 which says we should add that DKIM presumes a
> > properly-formed RFC2822-style message, and that its application to
> other
> > messages produces undefined results.
>
> +1
Erm, surely a verifying mechanism's response to any non-verifiable
message must be _defined_ to be "non-verifiable". It would seem that a
verifying mechanism is completely useless if there exists _any_ input
which elicits an undefined response; in all cases the rule must be
"answer verified if verification is successful, non-verifiable
otherwise".
This doesn't mean that the ADSP spec (or even the DKIM spec) needs to
add specificity or remove ambiguity in the underlying specs, but ADSP
and DKIM certainly can't include permission to provide random responses
to verification attempts of malformed messages; the rule must be that if
a message is malformed to the extent that DKIM is affected, verification
must be defined to fail (not turn undefined).
No?
- Roland
--
Roland Turner | Product Manager, RealMail | BoxSentry Pte Ltd
3 Phillip Street, #13-03 Commerce Point, Singapore 048693
Mob: +65 96700022 | Skype: roland.turner | Fax. +65 65365463
roland.turner at boxsentry.com | www.boxsentry.com
More information about the ietf-dkim
mailing list