[ietf-dkim] draft-ietf-dkim-rfc4871bis-07 // Attacks Involving Additional Header Fields

Murray S. Kucherawy msk at cloudmark.com
Mon Apr 25 21:18:22 PDT 2011


> -----Original Message-----
> From: ietf-dkim-bounces at mipassoc.org [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Douglas Otis
> Sent: Monday, April 25, 2011 6:33 PM
> To: ietf-dkim at mipassoc.org; Barry Leiba; Pete Resnick
> Subject: [ietf-dkim] draft-ietf-dkim-rfc4871bis-07 // Attacks Involving
> Additional Header Fields
> 
> Double listing in the "h=" tag cannot fully mitigate risks related to
> appended header fields when messages are signed by a different domain
> than the domain found in the appended From header field.

DKIM doesn't create any binding between the RFC5322.From domain and the "d=" value as you're doing. What you're talking about here falls into the realm of ADSP or other policy-like assertions, not DKIM itself, which is the topic of this draft.
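
The two separate questions in this exchange, as an added example that is not part of either message or of the draft: whether "h=" lists From more often than it occurs (so a From field added after signing breaks verification), and whether a From domain equals "d=", which only a policy layer compares. The sample message, its domains and the function names are constructed, and the exact-match comparison is an assumption modelled on ADSP's author domain signature.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: signed by signer.example, authored at author.example.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=signer.example; s=sel1;\n"
    " h=from:from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Author <user@author.example>\n"
    "To: rcpt@rcpt.example\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

def dkim_tags(value):
    """Parse a DKIM-Signature tag-list; folding whitespace is dropped."""
    tags = {}
    for part in re.sub(r"\s+", "", value).split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name] = val
    return tags

def analyze(raw):
    """Report the h= coverage of From and the From/d= comparison separately."""
    msg = message_from_string(raw)
    tags = dkim_tags(msg["DKIM-Signature"])
    signed = [h.lower() for h in tags.get("h", "").split(":")]
    from_values = msg.get_all("From", [])
    domains = [parseaddr(v)[1].rpartition("@")[2].lower() for v in from_values]
    d = tags.get("d", "").lower()
    return {
        "d": d,
        "from_domains": domains,
        # h= names From more often than it occurs in the message, so a
        # From field added after signing would break verification.
        "from_oversigned": signed.count("from") > len(from_values),
        # Policy-layer comparison (assumed exact match); DKIM verification
        # itself never compares these two values.
        "from_matches_d": [dom == d for dom in domains],
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```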



