Review of: draft-otis-dkim-harmful

2013-05-12 Thread Dave Crocker
Review of: DKIM is Harmful as Specified I-D: draft-otis-dkim-harmful-00 Reviewed by: D. Crocker Review Date: 12 May 2013 Summary: DKIM is in wide use for email operations today; it is currently at Draft Standard and has been submitted for elevation to full Internet Stan

Review of: draft-otis-dkim-harmful

2013-06-04 Thread Barry Leiba
> > > The draft continues to make broad, onerous claims like this, but > provides no documentation to indicate that the DKIM signing specification > is flawed in the function it is performing: attaching a validated domain > name to a message. > > DKIM does not, in its current form, attach a valida

Re: Review of: draft-otis-dkim-harmful

2013-05-14 Thread Douglas Otis
On May 12, 2013, at 9:59 PM, Dave Crocker wrote: Dear Dave, Thank you for your thoughtful review, it was most helpful. I have updated the draft in hopes of adding greater clarity and to address your concerns. The new information not available to the WG at the time is how the DKIM specificat

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Dave Crocker
The problems with this draft persist... Organizations such as M3AAWG hope to use DKIM will be able as a required acceptance requirement to offer better ensure a domain identity to provide offers a I happen to be sitting in a M3AAWG meeting as I write this note and it happens that I ju

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Douglas Otis
Dear Dave, On Jun 4, 2013, at 11:44 AM, Dave Crocker wrote: > The problems with this draft persist... > >> Organizations such as M3AAWG hope to use DKIM will be able as a required >> acceptance requirement to offer better ensure a domain identity to provide >> offers a > > I happen to be si

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Dave Crocker
On 6/4/2013 1:08 PM, Douglas Otis wrote: Dear Dave, On Jun 4, 2013, at 11:44 AM, Dave Crocker wrote: I happen to be sitting in a M3AAWG meeting as I write this note and it happens that I just came out of a session in which someone tried to assert the use of DKIM (or SPF) as a 'requirement' and

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Douglas Otis
On Jun 4, 2013, at 3:08 PM, Barry Leiba wrote: > > The draft continues to make broad, onerous claims like this, but provides > > no documentation to indicate that the DKIM signing specification is flawed > > in the function it is performing: attaching a validated domain name to a > > message

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Barry Leiba
> > Of course it is incorrect for a DKIM signature to be valid when a message > has multiple From header fields. DKIM requires AT LEAST the From header > field to be the minimal portion of the message signed. Every other part of > the message is optional. > In retrospect, I think that requiremen

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Dave Crocker
On 6/4/2013 4:51 PM, Douglas Otis wrote: Of course it is incorrect for a DKIM signature to be valid when a message has multiple From header fields. You lost that debate in the working group. Multiple times. Saying "of course" at the beginning of your claim does not make you win the argument.

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Murray S. Kucherawy
On Tue, Jun 4, 2013 at 6:48 AM, Dave Crocker wrote: > > Simply publishing this draft appears to have already increase the level of multiple FROM header field abuse seen where it is now at 21% of signed DKIM messages. >>> >>> Sounds pretty scary. No doubt the assertion is publicly

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Murray S. Kucherawy
On Tue, Jun 4, 2013 at 4:08 AM, Douglas Otis wrote: > In its current form, DKIM simply attaches a domain name in an unseen > message fragment, not a message. The ease in which the only assured > visible fragment of the message signed by the domain being forged makes it > impossible for appropria

Re: Review of: draft-otis-dkim-harmful

2013-06-04 Thread Sam Hartman
I'm jumping into this particular branch of the conversation late. I've followed Doug's concerns against DKIM somewhat over the years. It seems fairly clear that Doug has a long-standing concern regarding DKIM and how it interacts with e-mail. It seems fairly clear he's in the rough within the IET

Re: Review of: draft-otis-dkim-harmful

2013-06-09 Thread Douglas Otis
On Jun 4, 2013, at 9:13 AM, Murray S. Kucherawy wrote: > On Tue, Jun 4, 2013 at 4:08 AM, Douglas Otis wrote: > In its current form, DKIM simply attaches a domain name in an unseen message > fragment, not a message. The ease in which the only assured visible fragment > of the message signed

Re: Review of: draft-otis-dkim-harmful

2013-06-10 Thread Murray S. Kucherawy
On Sun, Jun 9, 2013 at 10:42 AM, Douglas Otis wrote: > > Procedurally speaking, what path do you anticipate your draft following? > > > To require messages with invalidly repeated header fields to not return a > "pass" for DKIM signature validation. > > That's a technical response. What I asked

Re: Review of: draft-otis-dkim-harmful

2013-06-17 Thread Douglas Otis
On Jun 4, 2013, at 7:16 PM, Sam Hartman wrote: > So, I'd like to encourage Doug to refine his work, fix errors of > precision, but to say I think this is worth writing down. Dear Sam, Thank you for your interest. I have updated the draft and, as requested by Dave Crocker, included referen