Re: [ietf-dkim] the usual misunderstanding about what DKIM promises

2010-10-24 Thread Hector Santos
Barry, I think this might be a matter of definition for validity. I was not speaking of truthfulness, authentication or authorization. I am stating that a valid DKIM signature is making a series of validity statements or correctness assertions for the various parts it binds to the

Re: [ietf-dkim] the usual misunderstanding about what DKIM promises

2010-10-24 Thread Dave CROCKER
On 10/23/2010 12:25 PM, Barry Leiba wrote: No, not at all. While I think it was probably a mistake to make the signing of ANY header fields MUST (we should have just put From in with the other SHOULD fields), the fact that From MUST be signed says, in itself, nothing about the *validity* of

Re: [ietf-dkim] the usual misunderstanding about what DKIM promises

2010-10-24 Thread Hector Santos
Dave CROCKER wrote: I have two submission domains that I use. One, gmail.com, which does DKIM signing, will only allow me to use a From address after it has sent a test message to that address and seen that I can access the test message. So it's made *some* level of confirmation that I

[ietf-dkim] Proposal for new text about multiple header issues

2010-10-24 Thread Murray S. Kucherawy
Here's my proposal for a section in Security Considerations to talk about the malformation issues that have been discussed on the list. This is an addition to -02 directly and does not continue from any of the other proposals. 8.14 Malformed Inputs The universe of email is replete with

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-24 Thread John Levine
I mostly agree. (Wow!) 1) During the handling of a message in conjunction with a DKIM result that indicates a valid signature, consider as valid only those fields and the body portion that was covered by the signature. Note that this is not to say unsigned content is not valid, but merely

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-24 Thread Murray S. Kucherawy
-Original Message- From: John Levine [mailto:jo...@iecc.com] Sent: Sunday, October 24, 2010 9:25 PM To: ietf-dkim@mipassoc.org Cc: Murray S. Kucherawy Subject: Re: [ietf-dkim] Proposal for new text about multiple header issues I mostly agree. (Wow!) Huzzah! 2) Refuse outright

[ietf-dkim] Statistics about DKIM and MIME

2010-10-24 Thread Murray S. Kucherawy
OpenDKIM now has enough data to make some interesting observations about signatures and MIME. As far as MIME encodings go (only the outermost encoding was counted), there was a pretty common theme:
binary failed 4% of the time
quoted-printable failed 4% of the time
7bit failed 7.7% of the time

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-24 Thread Steve Atkins
On Oct 24, 2010, at 9:05 PM, Murray S. Kucherawy wrote: Here’s my proposal for a section in Security Considerations to talk about the malformation issues that have been discussed on the list. This is an addition to -02 directly and does not continue from any of the other proposals. I

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-24 Thread Mark Delany
The universe of email is replete with software that forgives messages which do not conform strictly to the grammar that defines what valid email looks like. This is a long-standing practice known informally as the robustness principle, originally coined by Jon Postel: Be conservative in what

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-24 Thread Murray S. Kucherawy
-Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Mark Delany Sent: Sunday, October 24, 2010 9:56 PM To: ietf-dkim@mipassoc.org Subject: Re: [ietf-dkim] Proposal for new text about multiple header issues Well, I'm clearly

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-24 Thread Dave CROCKER
On 10/24/2010 9:55 PM, Mark Delany wrote: Well, I'm clearly the outlier here, but I think be liberal is protocol nonsense that has been accepted as conventional wisdom for far too long now. Put another way, Accept crud and pass it on constitutes good protocol design? Gimme a break. Jon

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-24 Thread Steve Atkins
On Oct 24, 2010, at 9:55 PM, Mark Delany wrote: The universe of email is replete with software that forgives messages which do not conform strictly to the grammar that defines what valid email looks like. This is a long-standing practice known informally as the robustness principle,

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-24 Thread Murray S. Kucherawy
-Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Steve Atkins Sent: Sunday, October 24, 2010 9:54 PM To: IETF DKIM WG Subject: Re: [ietf-dkim] Proposal for new text about multiple header issues 1) During the handling of

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-24 Thread Steve Atkins
On Oct 24, 2010, at 10:15 PM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Steve Atkins Sent: Sunday, October 24, 2010 9:54 PM To: IETF DKIM WG Subject: Re: [ietf-dkim] Proposal for new text

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-24 Thread Hector Santos
Mark Delany wrote: The universe of email is replete with software that forgives messages which do not conform strictly to the grammar that defines what valid email looks like. This is a long-standing practice known informally as the robustness principle, originally coined by Jon Postel: Be