Hector Santos | 1 Dec 2010 17:01

Re: New Version Notification for draft-kucherawy-mta-malformed-00


+1

Once it becomes a subjective design with indeterminate states, the 
game is over. But then again, that is probably what this draft is 
looking for - narrowing down some of the subjective designs because 
maybe they are not subjective and can fall under a non-compliancy status.

IMV, not much will be done (expend resources, time and money to change 
software) unless there are security-related issues.  The multi-from 
issue and how it relates to DKIM is one of them.  This particular 
discovery should be shared for the rest of the non-DKIM world to mitigate.

-- 
Sincerely

Hector Santos
http://www.santronics.com

Douglas Otis wrote:
> 
> On 11/30/10 11:55 AM, Murray S. Kucherawy wrote:
>>> On Tuesday, November 30, 2010 11:11 AM, Douglas Otis wrote:
>>>
>>> DKIM should be repaired to ensure deceptive malformed header fields do
>>> not verify as having valid DKIM signatures to prevent the exploits, such
>>> as having multiple singleton header fields invalidate signatures.  DKIM
>>> should have included checks necessary to disqualify messages likely
>>> crafted by malefactors.  These checks may need to grow over time.  The
>>> impact of adding checks to DKIM's verification process will not justify
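The check the quoted text asks for, treating repeated singleton header fields as disqualifying even when the signature itself verifies, sketched as an added example (not part of either post, and not code from the draft or from any DKIM implementation). The field list follows RFC 5322 section 3.6; `signature_verified` is a hypothetical input standing in for a real DKIM verifier's result, and the sample messages are constructed.

```python
from collections import Counter
from email import message_from_bytes

# Header fields RFC 5322 section 3.6 allows at most once per message.
SINGLETON_FIELDS = frozenset({
    "date", "from", "sender", "reply-to", "to", "cc", "bcc",
    "message-id", "in-reply-to", "references", "subject",
})
# Of those, the fields that must appear exactly once.
REQUIRED_FIELDS = frozenset({"date", "from"})


def singleton_violations(raw_message: bytes) -> dict:
    """Map each violated field to how many times it occurs (0 = missing)."""
    msg = message_from_bytes(raw_message)
    counts = Counter(name.lower() for name in msg.keys())
    bad = {f: n for f, n in counts.items() if f in SINGLETON_FIELDS and n > 1}
    bad.update({f: 0 for f in REQUIRED_FIELDS if counts[f] == 0})
    return bad


def result_after_checks(raw_message: bytes, signature_verified: bool) -> str:
    """Report 'pass' only if the signature verified AND the header is well formed.

    signature_verified is a hypothetical input: the outcome of whatever DKIM
    verifier is in use. This function only adds the structural check.
    """
    if not signature_verified:
        return "fail"
    return "fail (malformed header)" if singleton_violations(raw_message) else "pass"


# Constructed sample messages (not taken from the thread).
CLEAN = (b"Date: Wed, 1 Dec 2010 17:01:00 -0500\r\n"
         b"From: first@example.com\r\n"
         b"Subject: hello\r\n\r\nbody\r\n")
DOUBLE_FROM = b"From: second@example.net\r\n" + CLEAN

if __name__ == "__main__":
    for label, raw in (("clean", CLEAN), ("double From", DOUBLE_FROM)):
        print(label, singleton_violations(raw), result_after_checks(raw, True))
```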