On Jun 26, 2008, at 12:56 PM, J.D. Falk wrote:
> On 26/06/2008 10:53, "Dave Crocker" <[EMAIL PROTECTED]> wrote:
>
>> But the idea that anyone would think that a signing mechanism designed to
>> operate on RFC 2822 messages would somehow be expected to operate successfully
>> on non-conf
On 26/06/2008 10:53, "Dave Crocker" <[EMAIL PROTECTED]> wrote:
> But the idea that anyone would think that a signing mechanism designed to
> operate on RFC 2822 messages would somehow be expected to operate successfully
> on non-conformant messages really bothers me.
And yet, those questions keep
Murray S. Kucherawy wrote:
> +1, and I would go even further to say that we should have an errata item
> against RFC4871 which says we should add that DKIM presumes a properly-formed
> RFC2822-style message, and that its application to other messages produces
> undefined results.
Let's think
On Wed, 2008-06-25 at 13:13 -0400, J D Falk wrote:
> On 19/06/2008 18:28, "Murray S. Kucherawy" <[EMAIL PROTECTED]> wrote:
>
> >> My theory is that DKIM only applies to valid 2822 messages, and it's not
> >> a substitute for a sanity check for all the screwy things one can send
> >> in a non-
On 19/06/2008 18:28, "Murray S. Kucherawy" <[EMAIL PROTECTED]> wrote:
>> My theory is that DKIM only applies to valid 2822 messages, and it's not
>> a substitute for a sanity check for all the screwy things one can send
>> in a non-conformant message. Perhaps it would be a good idea someday to
>>
Jon Callas wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>> My theory is that DKIM only applies to valid 2822 messages, and it's
>> not a substitute for a sanity check for all the screwy things one
>> can send in a non-conformant message. Perhaps it would be a good
>> idea some
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> My theory is that DKIM only applies to valid 2822 messages, and it's
> not a substitute for a sanity check for all the screwy things one
> can send in a non-conformant message. Perhaps it would be a good
> idea someday to
> collect experience
On Wed, 18 Jun 2008, [EMAIL PROTECTED] wrote:
> [ not about ADSP, about DKIM ]
>
> An acquaintance points out that one could prepend an extra From: or
> Subject: header to a DKIM signed message, which wouldn't break the
> signature, but would often be displayed by MUAs which show the new one
> r
On Thu, 19 Jun 2008 01:56:43 +0100, Hector Santos <[EMAIL PROTECTED]>
wrote:
> Why? Why put further confusion and ambiguity on receivers? Why further
> perpetuate a continued recognition of a lower payoff in DKIM analysis?
> Why make the life the support people or whoever trying to make heads
On Wed, 18 Jun 2008 17:12:44 +0100, SM <[EMAIL PROTECTED]> wrote:
> There is an implementation note about signing all end-user visible
> header fields. The topic of multiple From headers came up during a
> discussion about a DK implementation. It was suggested not to sign
> such messages. If I
Frank Ellermann wrote:
> Hector Santos wrote:
>
>> If DKIM h= has from:to:subject:date: and one or more
>> of these fields are missing - BINGO - instance REJECT
>
> Wait a moment, didn't DKIM support the concept of a
> signed *absence* of certain header fields using h= ?
True, except From:, but
SM wrote:
> This is not related to ADSP.
I believe the OP knew that.
> At 14:05 18-06-2008, Hector Santos wrote:
>> But more importantly, consider that DKIM binding *instructs* you what
>> headers must be present. Therefore, this is going to be one of the top
>> strong "sanity checks" to optimiz
This is not related to ADSP.
At 14:05 18-06-2008, Hector Santos wrote:
>But more importantly, consider that DKIM binding *instructs* you what
>headers must be present. Therefore, this is going to be one of the top
>strong "sanity checks" to optimized DKIM processors. Why bother to
>waste time re
Hector Santos wrote:
> If DKIM h= has from:to:subject:date: and one or more
> of these fields are missing - BINGO - instance REJECT
Wait a moment, didn't DKIM support the concept of a
signed *absence* of certain header fields using h= ?
*In theory* it could make sense to add Reply-To and
Sender
SM wrote:
> At 05:17 18-06-2008, John Levine wrote:
>> My theory is that DKIM only applies to valid 2822 messages, and it's not a
>> substitute for a sanity check for all the screwy things one can send in a
>> non-conformant message. Perhaps it would be a good idea someday to
>> collect experienc
Dave Crocker wrote:
>
> John Levine wrote:
>> My theory is that DKIM only applies to valid 2822 messages, and it's not a
>> substitute for a sanity check for all the screwy things one can send in a
>> non-conformant message.
>
>
> +1
huh?
-1, DKIM will be a "Sanity Check" for 2822 headers.
John Levine wrote:
> it's not our problem. Agreed?
+1 Maybe add a paragraph to the security considerations
explaining that ADSP is about syntactically valid
2822upd messages especially wrt From: header fields.
Frank
___
NOTE WELL: This l
At 05:17 18-06-2008, John Levine wrote:
>[ not about ADSP, about DKIM ]
>
>An acquaintance points out that one could prepend an extra From: or
>Subject: header to a DKIM signed message, which wouldn't break the
>signature, but would often be displayed by MUAs which show the new one
>rather than the
John Levine wrote:
> My theory is that DKIM only applies to valid 2822 messages, and it's not a
> substitute for a sanity check for all the screwy things one can send in a
> non-conformant message.
+1
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_
[ not about ADSP, about DKIM ]
An acquaintance points out that one could prepend an extra From: or
Subject: header to a DKIM signed message, which wouldn't break the
signature, but would often be displayed by MUAs which show the new one
rather than the old one. Needless to say, that weakens th
20 matches