[ietf-dkim] Ticket #24
barryleiba at computer.org
Fri May 6 11:05:11 PDT 2011
I have just updated the tracker ticket for this:
To be concise, here are the proposed changes. The group's preferred
change, #1, is this:
> 1. Add:
> 6.1.n. Validate Multiple Header Field Occurrences
> Through inadvertence or malice, a message may be received having
> multiple occurrences of single only header fields per [RFC5322]. To
> provide results upon which subsequent agents can rely, verifiers MUST
> detect an invalid number of single only header fields present within the
> Signature header field's "h=" list and return PERMFAIL (illegal multiple
> header fields).
> See Sections 8.14 and 8.15 for further discussion of such attacks.
That asks for a lot, so the group has a second alternative, #2, which
only asks for the "from":
> 2. Add to 6.1:
> To provide results upon which subsequent agents can rely, verifiers MUST
> detect an invalid number of From header fields and return PERMFAIL
> (illegal multiple headers). [RFC5322] requires there be exactly one
> From header field.
> See Sections 8.14 and 8.15 for further discussion of header field
While I address the other two open tickets, do the IESG writeup, and
otherwise get ready to send 4871bis to the IESG, everyone please take
the time to read Doug's note and weigh in on these two alternatives.
Let us know, in this thread, whether you support one or the other of
them, or whether you prefer the text as it currently is in the -09
version of 4871bis.
If you have anything to say in argument for or against, please keep it
VERY BRIEF. This is a call for new consensus, and the arguments have
been made at length already. We need to see rough consensus *for* one
of these changes in order to make them.
I'll let this float for a few days -- I expect to be ready with the
writeup by the middle of next week.
Barry, as chair
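
An added sketch contrasting the two alternatives quoted above; it is not code from this message, the tracker ticket or the 4871bis draft. The `SINGLE_ONLY` set (taken from the RFC 5322 section 3.6 occurrence limits), the function names and the sample messages are assumptions made for illustration, and alternative 1's "invalid number" is read here as "more than one occurrence".

```python
import re
from collections import Counter

# Fields RFC 5322 section 3.6 limits to at most one occurrence (assumed list).
SINGLE_ONLY = {"date", "from", "sender", "reply-to", "to", "cc", "bcc",
               "message-id", "in-reply-to", "references", "subject"}

def parse_headers(raw):
    """Return [[lower-cased name, unfolded value], ...] for the header block."""
    fields = []
    for line in raw.splitlines():
        if not line:
            break                                   # blank line ends the headers
        if line[0] in " \t" and fields:
            fields[-1][1] += " " + line.strip()     # folded continuation line
        elif ":" in line:
            name, value = line.split(":", 1)
            fields.append([name.strip().lower(), value.strip()])
    return fields

def signed_names(sig_value):
    """Field names listed in the h= tag of one DKIM-Signature value."""
    m = re.search(r"(?:^|;)\s*h\s*=([^;]*)", sig_value)
    return {n.strip().lower() for n in m.group(1).split(":")} if m else set()

def check_alt1(raw):
    """Alternative 1: duplicated single-only fields that appear in h=."""
    fields = parse_headers(raw)
    counts = Counter(name for name, _ in fields)
    for name, value in fields:
        if name == "dkim-signature":
            listed = signed_names(value) & SINGLE_ONLY
            dupes = sorted(n for n in listed if counts[n] > 1)
            if dupes:
                return "PERMFAIL (illegal multiple header fields)", dupes
    return None, []                                 # continue normal verification

def check_alt2(raw):
    """Alternative 2: exactly one From field, whether or not it is signed."""
    n = sum(1 for name, _ in parse_headers(raw) if name == "from")
    return None if n == 1 else "PERMFAIL (illegal multiple headers)"

# Constructed sample messages (signature values are placeholders, not real).
DUP_FROM = ("DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\r\n"
            "\th=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
            "From: other@example.net\r\n"
            "From: user@example.com\r\n"
            "To: rcpt@example.org\r\n"
            "Subject: hello\r\n\r\nbody\r\n")
DUP_SUBJECT = DUP_FROM.replace("From: other@example.net\r\n", "Subject: extra\r\n")
```

On `DUP_SUBJECT` the two alternatives disagree: alternative 1 returns PERMFAIL because Subject is listed in "h=", while alternative 2 lets the message proceed to normal verification.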