[ietf-dkim] detecting header mutations after signing
John R. Levine
johnl at iecc.com
Fri Oct 8 10:52:13 PDT 2010
> I'm still cringing at the layering violation of "fixing" in DKIM the
> fact that many RFC5322 implementations, MTAs, MSAs and MUAs alike,
> don't bother to enforce normative portions of that specification.
The standard advice has always been to accept malformed mail and render
it as best you can, on the theory that it was probably from a legit but
buggy sender. Other than this DKIM issue, that's still good advice.
Here's another way to look at it: if we think that adding extra headers is
a significant threat, someone's going to have to check for them. History
suggests that in the absence of DKIM, it's not worth doing since nobody
does it. That also suggests that all the places other than a DKIM
verifier will continue not to do it, since it's still of no great benefit.
So if we don't do it in the verifier, it's not going to happen.
"Our software works, but you have to make changes of no direct benefit to
yourself to plug a hole we could have plugged" has rarely been a winning
argument in the past.
More information about the ietf-dkim