Frank Ellermann wrote:
> Hector Santos wrote:
>
>> If DKIM h= has from:to:subject:date: and one or more
>> of these fields are missing - BINGO - instance REJECT
>
> Wait a moment, didn't DKIM support the concept of a
> signed *absence* of certain header fields using h= ?
True, except From:, but
SM wrote:
> This is not related to ADSP.
I believe the OP knew that.
> At 14:05 18-06-2008, Hector Santos wrote:
>> But more importantly, consider that DKIM binding *instructs* you what
>> headers must be present. Therefore, this is going to be one of the top
>> strong "sanity checks" to optimiz
This is not related to ADSP.
At 14:05 18-06-2008, Hector Santos wrote:
>But more importantly, consider that DKIM binding *instructs* you what
>headers must be present. Therefore, this is going to be one of the top
>strong "sanity checks" to optimized DKIM processors. Why bother to
>waste time re
Hector Santos wrote:
> If DKIM h= has from:to:subject:date: and one or more
> of these fields are missing - BINGO - instance REJECT
Wait a moment, didn't DKIM support the concept of a
signed *absence* of certain header fields using h= ?
*In theory* it could make sense to add Reply-To and
Sender
SM wrote:
> At 05:17 18-06-2008, John Levine wrote:
>> My theory is that DKIM only applies to valid 2822 messages, and it's not a
>> substitute for a sanity check for all the screwy things one can send in a
>> non-conformant message. Perhaps it would be a good idea someday to
>> collect experienc
Dave Crocker wrote:
>
> John Levine wrote:
>> My theory is that DKIM only applies to valid 2822 messages, and it's not a
>> substitute for a sanity check for all the screwy things one can send in a
>> non-conformant message.
>
>
> +1
huh?
-1, DKIM will be a "Sanity Check" for 2822 headers.
John Levine wrote:
> it's not our problem. Agreed?
+1 Maybe add a paragraph to the security considerations
explaining that ADSP is about syntactically valid
2822upd messages especially wrt From: header fields.
Frank
___
NOTE WELL: This l
At 05:17 18-06-2008, John Levine wrote:
>[ not about ADSP, about DKIM ]
>
>An acquaintance points out that one could prepend an extra From: or
>Subject: header to a DKIM signed message, which wouldn't break the
>signature, but would often be displayed by MUAs which show the new one
>rather than the
John Levine wrote:
> My theory is that DKIM only applies to valid 2822 messages, and it's not a
> substitute for a sanity check for all the screwy things one can send in a
> non-conformant message.
+1
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_
[ not about ADSP, about DKIM ]
An acquaintance points out that one could prepend an extra From: or
Subject: header to a DKIM signed message, which wouldn't break the
signature, but would often be displayed by MUAs which show the new one
rather than the old one. Needless to say, that weakens th
10 matches
Mail list logo