[ietf-dkim] Focusing on 4871bis
steve at wordtothewise.com
Fri Oct 22 12:54:33 PDT 2010
On Oct 22, 2010, at 8:28 AM, Barry Leiba wrote:
> 1. How to handle a key record with empty "g=" and absent "v=" (section
> 6.1.2, list item 6).
> Proposed change: Remove "g=" altogether, along with all references to
> it. Surveys of what's out there show vanishingly few cases that use
> "g=" with any value other than "*" or empty, so this can be removed as
> an unused feature.

This seems like a good change.

> 2. Advice about wildcards in TXT records.
> Proposed change: Add a note in section 6.1.2 warning about the effect
> of wildcard TXT records on finding DKIM key records.
> 3. The issue of multiple occurrences of header fields that may only occur once.
> Proposed change: Add text to section 5.3 recommending that verifiers
> check that the message complies with specs, and that they not validate
> a non-compliant message.

I'd object fairly strongly to this, for several reasons.

A DKIM verifier shouldn't be doing anything other than the cryptography
needed to confirm the signature.

Also, there's a lot of non-5322 compliant mail out there that's perfectly
harmless and wanted. There's also a lot of unwanted or harmful mail
out there that violates 5322.

DKIM signatures allow receivers to track reputation and distinguish
between those two groups. Crippling DKIM so that it can't be used to
identify the sender for these categories of email seems perverse.

> Add a new section 8.14 to the Security
> Considerations, explaining the attacks that can be done using this

This seems like a good thing to add.
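
The header-count check discussed under item 3, as an added example that is not part of the original message or of any DKIM implementation: it counts header fields against the occurrence limits in RFC 5322 section 3.6 and reports the result next to, not merged into, a DKIM result. The function names, the `dkim_result` input (assumed to come from a separate verifier) and the sample messages are constructed for illustration.

```python
from collections import Counter
from email import message_from_string

# RFC 5322 section 3.6: header fields that may appear at most once.
AT_MOST_ONCE = {
    "date", "from", "sender", "reply-to", "to", "cc", "bcc",
    "message-id", "in-reply-to", "references", "subject",
}
# RFC 5322 section 3.6: header fields that must appear exactly once.
REQUIRED = {"date", "from"}


def header_count_violations(raw_message: str) -> dict:
    """Return {field: problem} for RFC 5322 occurrence-limit violations."""
    msg = message_from_string(raw_message)
    # keys() lists every header field name, repeated fields included.
    counts = Counter(name.lower() for name in msg.keys())
    problems = {}
    for field in sorted(AT_MOST_ONCE):
        if counts[field] > 1:
            problems[field] = f"appears {counts[field]} times, limit is 1"
    for field in sorted(REQUIRED):
        if counts[field] == 0:
            problems[field] = "missing, required exactly once"
    return problems


def assess(raw_message: str, dkim_result: str) -> dict:
    """Keep the signature result and the format check as separate signals.

    dkim_result is an assumed input produced by a separate DKIM verifier.
    """
    return {"dkim": dkim_result, "rfc5322": header_count_violations(raw_message)}


# Constructed sample messages (not taken from the thread).
COMMON = (
    "To: reader@example.org\n"
    "Subject: constructed sample\n"
    "Message-ID: <sample-1@example.com>\n"
)
DATE = "Date: Fri, 22 Oct 2010 12:00:00 -0700\n"
COMPLIANT = "From: sender@example.com\n" + DATE + COMMON + "\nbody\n"
DUPLICATE_FROM = ("From: other@example.net\nFrom: sender@example.com\n"
                  + DATE + COMMON + "\nbody\n")
MISSING_DATE = "From: sender@example.com\n" + COMMON + "\nbody\n"
```
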