[ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From
ietf-dkim at kitterman.com
Tue Oct 5 14:46:12 PDT 2010
"Murray S. Kucherawy" <msk at cloudmark.com> wrote:
>> -----Original Message-----
>> From: ietf-dkim-bounces at mipassoc.org [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Scott Kitterman
>> Sent: Tuesday, October 05, 2010 12:24 PM
>> To: ietf-dkim at mipassoc.org
>> Subject: Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From
>> Nack. DKIM also purports to provide assurance that the signed content
>> of the message is unmodified. I think mentioning that all instances of
>> a header that is signed should be used for signing and verification is
>> a useful data point for implementors.
>I'm having trouble parsing that. Aren't all instances of a signed field used for verifying already? Or are you proposing an "If you sign one, you have to sign them all" sort of approach?
>That will wreak havoc with Received:, if so.
I'm suggesting making it clear that if one signs a type of field they should sign all of them. I'm not suggesting adding any requirements that additional types of fields be signed.
P.S. I'm not sure I parsed your question correctly.
More information about the ietf-dkim