>> A) You have to sign either all occurrences of a header or none of them, ...
>>
>> B) Same as A, but limited to an enumerated set of headers that are
>> supposed to occur only once.
>>
>> C) Same as B, but tell signers to use the h= trick to make verification
>> fail if extra headers show up.
> I'm scratching my head to see if there is any advice we can offer to make
> signing and verification more robust while not changing the behavior of
> existing code for normal (for some definition of normal messages).
>
> A) You have to sign either all occurrences of a header or none of them, and
> this being some sort of existential threat. Can someone come
> up with a scenario where this really could be evil and isn't
> trivially fixed by... making spam filters insist that they're
> really receiving valid 5322 as one of their rules?
If one does real whitelisting based on valid signature
On 10/07/2010 05:01 PM, John R. Levine wrote:
>>> I'd say that it would be better to just say that if you sign a
>>> non-compliant 5322 message that its verification is undefined,
>>> and move on. That at least matches reality, and hasn't hurt
>>> anything that I'm aware of.
>
> Except that's not t
>> I'd say that it would be better to just say that if you sign a
>> non-compliant 5322 message that its verification is undefined,
>> and move on. That at least matches reality, and hasn't hurt
>> anything that I'm aware of.
Except that's not the situation we have here.
a) Author creates a 100%
On 10/7/2010 4:18 PM, SM wrote:
> RFC 5322 specifies a format for Internet mail. I don't see what
> could be changed in there as this discussion is not about an issue
> with the format.
5321 and 5322 are component specifications, although of course they do have
/some/ systems integrative text
On 10/7/2010 1:00 PM, Murray S. Kucherawy wrote:
> so maybe it's best to fall back to something more generic and say "a module
> can reject" instead of naming one or the other specifically.
+1
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
Hi Murray,
At 13:08 07-10-10, Murray S. Kucherawy wrote:
>Even so, as Charles pointed out, I'm not sure exactly what it is we
>could ask them to change.
RFC 5322 specifies a format for Internet mail. I don't see what
could be changed in there as this discussion is not about an issue
with the f
Hi SM,
> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of SM
> Sent: Thursday, October 07, 2010 1:02 PM
> To: ietf-dkim@mipassoc.org
> Subject: Re: [ietf-dkim] THIS IS A MULTIPLE 5322.FROM MESSAGE
>
> At 10:57 06-10-10, MH M
At 10:57 06-10-10, MH Michael Hammer (5304) wrote:
>the place where the 5322 people roost (I hear that working group
>shut down as part of IETF reorg) and at least say... "hey, this came
>up in the context of 4871 and we believe
That working group did not shut down; it took a pause.
At 11:50 06
> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of Charles Lindsey
> Sent: Thursday, October 07, 2010 3:03 AM
> To: DKIM
> Subject: Re: [ietf-dkim] New Version Notification for
> draft-ietf-dkim-mailinglists-03
>
> You can d
> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of Charles Lindsey
> Sent: Thursday, October 07, 2010 3:50 AM
> To: DKIM
> Subject: Re: [ietf-dkim] THIS IS A MULTIPLE 5322.FROM MESSAGE
>
> But since it is already a REQUIREMEN
> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of Charles Lindsey
> Sent: Thursday, October 07, 2010 3:29 AM
> To: DKIM
> Subject: Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple
> 5322.From
>
> > If we ca
Michael Thomas wrote:
>> Generally I agree, but does saying "verification is undefined" satisfy those
>> concerned that this is a security vulnerability? The example of
>> double-From: shows verification succeeds. It's the interpretation of those
>> results that is the problem.
>
> These are
On 10/07/2010 11:01 AM, Murray S. Kucherawy wrote:
>> -Original Message-
>> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
>> On Behalf Of Michael Thomas
>> Sent: Thursday, October 07, 2010 9:09 AM
>> To: Charles Lindsey
>> Cc: DKIM
>> Subject: Re: [ietf-dkim]
> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of Michael Thomas
> Sent: Thursday, October 07, 2010 9:09 AM
> To: Charles Lindsey
> Cc: DKIM
> Subject: Re: [ietf-dkim] THIS IS A MULTIPLE 5322.FROM MESSAGE
>
> I'm with Steve
Michael Thomas wrote:
> On 10/07/2010 03:40 AM, Charles Lindsey wrote:
>> On Wed, 06 Oct 2010 13:00:25 +0100, Steve Atkins
>> wrote:
>>
>>> On Oct 6, 2010, at 1:47 AM, Mark Delany wrote:
Right. We could attempt to enumerate the 1,000 edge-cases we know
today and then re-bis 4871 for the
On 10/07/2010 03:40 AM, Charles Lindsey wrote:
> On Wed, 06 Oct 2010 13:00:25 +0100, Steve Atkins
> wrote:
>
>> On Oct 6, 2010, at 1:47 AM, Mark Delany wrote:
>
>>> Right. We could attempt to enumerate the 1,000 edge-cases we know
>>> today and then re-bis 4871 for the additional 1,000 edge-cases w
On Wed, 06 Oct 2010 13:00:25 +0100, Steve Atkins
wrote:
> On Oct 6, 2010, at 1:47 AM, Mark Delany wrote:
>> Right. We could attempt to enumerate the 1,000 edge-cases we know
>> today and then re-bis 4871 for the additional 1,000 edge-cases we
>> learn tomorrow, or we could simply say that inva
On Wed, 06 Oct 2010 13:25:28 +0100, Murray S. Kucherawy
wrote:
>> -Original Message-
>> From: ietf-dkim-boun...@mipassoc.org
>> [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Charles Lindsey
>> Sent: Wednesday, October 06, 2010 3:47 AM
>> To: DKIM
>> Subject: Re: [ietf-dkim] ISS
On Wed, 06 Oct 2010 18:57:10 +0100, MH Michael Hammer (5304)
wrote:
> If the consensus is that it is a problem but not really a 4871 problem
> then do we just walk away from it and leave it at that - "not our
> problem"? Should we perhaps look for the place where the 5322 people
> roost (
On Wed, 06 Oct 2010 13:01:29 +0100, Wietse Venema
wrote:
> Mark Delany:
>> Right. We could attempt to enumerate the 1,000 edge-cases we know
>> today and then re-bis 4871 for the additional 1,000 edge-cases we
>> learn tomorrow, or we could simply say that invalid 2822 messages
>> MUST never ver
On Wed, 06 Oct 2010 13:23:49 +0100, Murray S. Kucherawy
wrote:
>> -Original Message-
>> From: ietf-dkim-boun...@mipassoc.org
>> [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Charles Lindsey
>> Sent: Wednesday, October 06, 2010 4:36 AM
>> To: DKIM
>> Subject: Re: [ietf-dkim] New
IMHO, a user who would be fooled by your:
> From: President Obama
> From: Hector Santos
would also likely be fooled by:
> From: President Obama
The latter problem is a hole DKIM just can't plug. At least the
dual-From: trick is an easy signature to add to a content filter.
By the way, the