[ietf-dkim] Ticket #17 is not a duplicate
dotis at mail-abuse.org
Wed Apr 27 17:06:04 PDT 2011
Sorry for the repeated message, but the wrong subject line was used.
Ticket #17 was listed as a duplicate of Ticket #4.
This is not correct!

The result of Ticket #4 was a change that simply said:

  Internationalized domain names MUST be converted as described in Section
  2.3 of [RFC5890] to "A-Labels"

This failed to specify that Fake A-Labels should not be permitted, the point
made by Ticket #17. RFC5980 introduces restrictions against 3,329
confusable Unicode points not excluded by RFC3490. Unless A-label
validity checks are made by DKIM, it is not reasonable to assume
RFC5980's added protections are afforded or that it is proper to validate
this very critical input. This issue becomes extremely important once
From domains are displayed using UTF-8. DKIM should be prepared for
this imminent change and anticipate the likely "confusable" exploitation.
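The following is an added example, not part of the original message and not code from any DKIM implementation: a sketch of the structural checks a verifier could run on each `xn--` label to reject Fake A-labels as RFC 5890 defines them. It assumes Python's standard `punycode` codec, uses hypothetical function names, and leaves out the RFC 5892 code point tables, so a label that passes is only a candidate A-label.

```python
import unicodedata

ACE_PREFIX = "xn--"

def classify_label(label):
    """Return (verdict, detail); verdict is 'not-ace', 'fake' or 'candidate'."""
    lower = label.lower()
    if not lower.startswith(ACE_PREFIX):
        return ("not-ace", "no xn-- prefix")
    if len(label) > 63:
        return ("fake", "label longer than 63 octets")
    payload = lower[len(ACE_PREFIX):]
    try:
        ulabel = payload.encode("ascii").decode("punycode")
    except UnicodeError:
        return ("fake", "payload is not decodable Punycode")
    # An A-label must correspond to a U-label, which has a non-ASCII character.
    if not ulabel or ulabel.isascii():
        return ("fake", "decodes to ASCII only, so no U-label exists")
    if unicodedata.normalize("NFC", ulabel) != ulabel:
        return ("fake", "decoded form is not in NFC")
    # Hyphen and leading combining mark restrictions from RFC 5891.
    if ulabel[0] == "-" or ulabel[-1] == "-" or ulabel[2:4] == "--":
        return ("fake", "hyphen placement forbidden by RFC 5891")
    if unicodedata.category(ulabel[0]).startswith("M"):
        return ("fake", "starts with a combining mark")
    # Re-encoding must give back exactly the string that was received.
    if ulabel.encode("punycode").decode("ascii") != payload:
        return ("fake", "does not round-trip to the same ACE string")
    # The RFC 5892 per-code-point checks are NOT done here.
    return ("candidate", ulabel)

def fake_labels(domain):
    """List the labels of a domain that carry the ACE prefix but fail the checks."""
    return [l for l in domain.rstrip(".").split(".")
            if classify_label(l)[0] == "fake"]

if __name__ == "__main__":
    # Constructed sample domains, not taken from the message above.
    for d in ("xn--mnchen-3ya.example", "mail.xn--abc-.example", "xn--!!!.example"):
        print(d, fake_labels(d))
```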