[ietf-dkim] Features that could be reconsidered as part of the bis process
Eliot Lear
lear at cisco.com
Thu May 21 08:23:50 PDT 2009
On 5/21/09 4:45 PM, Dave CROCKER wrote:
>
>
> Eliot Lear wrote:
>> The whole point of l= was to say that beyond it you should treat the
>> content as suspicious.
>
>
> Eliot,
>
> Since DKIM Signature does not make statements about the differential
> handling of content, signed or unsigned, I'm not clear what you base
> this assertion on. Can you clarify?
>
> As I understand DKIM Signature, there are validly signed messages
> (with their identifiers) and there are all other messages, and that
> binary distinction is the limit of DKIM semantics. You appear to be
> going beyond the specification.
I think the point is that you can't make assertions of responsibility
for the information beyond l=. That was always the implication, right?
So now you're a mail firewall and you see lots of URLs tagged at the
end, with nobody asserting responsibility. That's an indicator that
there is a problem. What one does with that problem is well beyond the
scope of DKIM, but one could easily see several different courses of action:
1. stripping the URLs
2. quarantining the entire message
3. posting a warning IN the message
But again, this is all really academic, depending on the point of
actually USING l=. How can it LEGITIMATELY be used? We can find ways
to deal with miscreants using l=, but it may not be worth it if we can't
find legitimate uses...
Eliot
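
The check a mail firewall could run for the situation described in this message, as an added example that is not part of the original post: it canonicalizes the body, takes the octets past l=, and lists URLs that are not fully inside the signed range. The function names, the URL pattern and the sample signature and body are constructed for illustration; the signature itself is not verified here.

```python
import re

URL_RE = re.compile(rb"https?://[^\s<>\"']+", re.I)  # illustrative pattern, not exhaustive

def parse_tags(sig_value: str) -> dict:
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags

def canonicalize_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization, 'simple' or 'relaxed' (RFC 6376 section 3.4)."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if mode == "relaxed":  # collapse runs of WSP, drop WSP at end of line
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # ignore empty lines at the end of the body
        lines.pop()
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def unsigned_tail(sig_value: str, body: bytes):
    """Return (tail, urls): canonicalized octets past l=, and URLs not fully covered.
    Returns (b"", []) when l= is absent, because the body hash then covers everything."""
    tags = parse_tags(sig_value)
    if "l" not in tags:
        return b"", []
    mode = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    canon = canonicalize_body(body, mode)
    limit = int(tags["l"])
    # A URL that ends past the limit is reported even if it starts before it.
    urls = [m.group().decode("ascii", "replace")
            for m in URL_RE.finditer(canon) if m.end() > limit]
    return canon[limit:], urls

# Constructed sample: l=28 covers only the first two body lines.
SIG = ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel; "
       "h=from:subject; l=28; bh=PLACEHOLDER; b=PLACEHOLDER")
BODY = b"Hello list,\r\nsee you soon.\r\n\r\nClick http://unsigned.example/offer\r\n\r\n"

if __name__ == "__main__":
    tail, urls = unsigned_tail(SIG, BODY)
    print(len(tail), "octets outside the signature; URLs:", urls)
```

What to do with a non-empty result (strip, quarantine, warn) is the local policy decision the message lists.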