Re: [ietf-dkim] Issue: 4871bis - section 5.4/5.5 clarify 5322.From requirement

[Charles Lindsey]

On Sat, 16 Oct 2010 05:09:53 +0100, Hector Santos hsan...@isdg.net wrote:

 This probably means that it should clarified what that 5.4 sentence
 means and also the next section 5.5

 5.5.  Recommended Signature Content

 ..

 The following header fields SHOULD be included in the signature, if
 they are present in the message being signed:

 o  From (REQUIRED in all signatures)

But that is weaker what what it already says, which implies saying  
h=from even if NO from is (contrary t0 5322) present.

-- 
Charles H. Lindsey -At Home, doing my own thing
Tel: +44 161 436 6131   
   Web: http://www.cs.man.ac.uk/~chl
Email: ...@clerew.man.ac.uk  snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9  Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
___
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

Re: [ietf-dkim] Issue: 4871bis - section 5.4/5.5 clarify 5322.From requirement

[Hector Santos]

Charles, I was showing what already is written and suggesting that it 
might need clarification.

Charles Lindsey wrote:
 On Sat, 16 Oct 2010 05:09:53 +0100, Hector Santos hsan...@isdg.net wrote:
 
 This probably means that it should clarified what that 5.4 sentence
 means and also the next section 5.5

 5.5.  Recommended Signature Content

 ..

 The following header fields SHOULD be included in the signature, if
 they are present in the message being signed:

 o  From (REQUIRED in all signatures)

 But that is weaker what what it already says, which implies saying  
 h=from even if NO from is (contrary t0 5322) present.
 

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


___
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

[ietf-dkim] Issue: 4871bis - section 5.4/5.5 clarify 5322.From requirement

[Hector Santos]

Steve Atkins wrote:

 Hector wrote:
 The spec says

 5.4.  Determine the Header Fields to Sign

The From header field MUST be signed (that is, included in the h=
tag of the resulting DKIM-Signature header field).

 That means to me it MUST exist to be signed.
 
 h=From for a message that has no From: header when signed
 means that the message must have no From: header when the
 signature is validated, I think? And 5.4 just says you must include
From in the h= tag, not that it must exist.
 
 A missing From: field makes the message not a 5322 message,
 but I'm not sure what that implies for DKIM.

I see your point.

Since a 5322.From is a required header for a valid RFC5322 message 
(From and Date are the two that required by RFC2822 and RFC5322, for 
RFC822, it requires the To (or BC) as well), I believe the expectation 
that it exist in the message for DKIM to imply it must exist in h=From.

For our MDA/MSA, it will definitely invalidate an incoming message 
header but I don't recall the details.  From old discussions in 
IETF-SMTP, I am pretty sure most MDA/MSA will enforce a 5322.From as 
well.  I think the exception if when the client is local (internal) or 
maybe authenticated.

The Alt-N DKIM API we are using will definitely fail to sign the 
message if a From is missing and it will fail to verify as well 
because there has to be a h=from and matching 5322.From.

This probably means that it should clarified what that 5.4 sentence 
means and also the next section 5.5

5.5.  Recommended Signature Content

..

The following header fields SHOULD be included in the signature, if
they are present in the message being signed:

o  From (REQUIRED in all signatures)


It reads to me that From is the SHOULD exception to a MUST.

But I can definitely see what you mean, because if it means that you 
have to add  h=from without a real 5322.From, then a signature might 
be signed and be technical DKIM valid but only against those systems 
that are not enforcing a 5322.from header.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


___
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html