> -----Original Message-----
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of Murray S. Kucherawy
> Sent: Sunday, July 10, 2011 8:39 PM
> To: Charles Lindsey; DKIM
> Cc: Pete Resnick
> Subject: Re: [ietf-dkim] Final update to 4871bis for working group review
>
> "Agents that evaluate or apply DKIM output need to be aware that a DKIM
> signer can sign messages that are malformed (e.g., violate RFC5322), or
> become malformed in transit. Such an action might constitute an attack
> against a receiver, especially where additional credence is incorrectly
> given to a signed message without evaluation of the signer. Moreover,
> a verifier would be incorrect to infer that all instances of a header
> field are signed just because one is. Agents will need to account for
> these issues when deciding how to apply DKIM results to message,
> especially when displaying them to users."

Actually, let me revise that a bit:

"Agents that evaluate or apply DKIM output need to be aware that a DKIM
signer can sign messages that are malformed (e.g., violate RFC5322), or
become malformed in transit, or contain content that is not true or
valid. Such an action might constitute an attack against a receiver,
especially where additional credence is incorrectly given to a signed
message without evaluation of the signer. Moreover, an agent would be
incorrect to infer that all instances of a header field are signed just
because one is. Agents will need to account for these issues when
deciding how to apply DKIM results to message, especially when
displaying them to users."

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
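
Added example, not part of the original message and not taken from any DKIM implementation: a receiver-side check for the "all instances of a header field are signed" assumption the proposed text warns about. It assumes the DKIM rule that each occurrence of a name in the signature's h= tag covers one instance of that field, counted from the bottom of the header block upward; the function names and the sample message are constructed for illustration.

```python
from collections import defaultdict

def signed_instances(headers, h_tag):
    """headers: list of (name, value) pairs in message order, top to bottom.
    h_tag: value of the DKIM-Signature h= tag, e.g. "from:to:subject".
    Returns a list of booleans parallel to headers; True means that
    particular instance is covered by the signature."""
    covered = [False] * len(headers)
    remaining = defaultdict(list)          # name -> indices, bottom-most last
    for i, (name, _) in enumerate(headers):
        remaining[name.strip().lower()].append(i)
    for name in h_tag.split(":"):
        stack = remaining[name.strip().lower()]
        if stack:                          # each h= entry consumes one instance,
            covered[stack.pop()] = True    # starting from the bottom of the block
        # an h= entry with no instance left covers "absence" of that field
    return covered

def unsigned_duplicates(headers, h_tag):
    """Instances of a field that are NOT signed although another instance
    of the same field is. These are the ones an agent must not treat as
    vouched for by the signer."""
    covered = signed_instances(headers, h_tag)
    signed_names = {n.lower() for (n, _), c in zip(headers, covered) if c}
    return [(i, n, v) for i, ((n, v), c) in enumerate(zip(headers, covered))
            if not c and n.lower() in signed_names]

# Constructed sample: a malformed message (two From fields, violating RFC5322)
# whose signature lists "from" only once.
SAMPLE_HEADERS = [
    ("From", "Someone Else <other@example.net>"),   # top instance, unsigned
    ("From", "Real Signer <user@example.com>"),     # bottom instance, signed
    ("To", "rcpt@example.org"),
    ("Subject", "hello"),
]

if __name__ == "__main__":
    for idx, name, value in unsigned_duplicates(SAMPLE_HEADERS, "from:to:subject"):
        print(f"header #{idx} {name}: {value!r} is not covered by the signature")
```

An agent that displays a header field alongside a DKIM result can run this kind of check first and show only instances marked as covered.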