Re: Rejected messages from the mailing list

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Mon, 2 Aug 2010 12:18:41 -0700 (PDT)

On Mon, 2 Aug 2010, Alessandro Vesely wrote:
> When rewriting, the odds that quotes around tokens in Content-Type may
> be altered are 50%. Wouldn't it be more robust to avoid signing that
> field, given current canonicalization capabilities?

Section 5.5 of the DKIM RFC lists Content-Type in its SHOULD list.

If you have data that back up the 50% claim, you might want to post that
to ietf-dkim. As we move DKIM toward draft standard, maybe that's
evidence that those fields should be removed from that list. The
counter-argument though will be one of security.

Or if the 50% claim is all addition or removal of quotes, perhaps that's
useful input for a more robust header canonicalization scheme.


>> I suggest returning all the verified signatures if you want to
>> catch cases like this one.
>
> That might be a good hint in general. When I saw that the library
> returns just one signature, with various options for pre-sorting them, I
> thought that checking all signatures had been limited in order to avoid
> some kind of DoS attack, e.g. messages with inordinate amounts of
> signatures -- just guessing. Is that the reason the library has been
> designed that way?

The impetus for that design is that a filter can only return a single
pass/fail result to the MTA (i.e. either accept the message or don't) so a
filter can just rely on the return of dkim_eom() for simplicity. On the
other hand, it could also ignore that return value and examine all the
signatures, and then apply whatever heuristic it wants to use (e.g. favour
author signatures over third-party signatures). So you can do it however
you like.

-MSK
Received on Mon Aug 02 2010 - 19:19:01 PST
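
The quoting problem discussed in this message, as an added example that is not part of the original thread and not OpenDKIM code: DKIM's "relaxed" header canonicalization normalizes case, folding and whitespace but not quotes, so a rewritten Content-Type no longer hashes to the signed value. The `quote_tolerant` function is a hypothetical sketch of a more forgiving scheme, not a standardized canonicalization, and the sample headers are constructed.

```python
import hashlib
import re

# Constructed sample headers (not taken from the thread).
SIGNED = 'Content-Type: text/plain; charset="us-ascii"\r\n'
REWRITTEN = 'Content-Type: text/plain;\r\n\tcharset=us-ascii\r\n'  # refolded, quotes dropped
MULTIPART = 'Content-Type: multipart/mixed; boundary="----=_Part_1"\r\n'

# A quoted parameter value that is also a valid RFC 2045 token (no tspecials).
QUOTED_TOKEN = re.compile(r'="([^\s"()<>@,;:\\/\[\]?=]+)"')


def relaxed_header(field: str) -> str:
    """'relaxed' header canonicalization as defined by the DKIM RFC."""
    name, _, value = field.partition(":")
    value = re.sub(r"\r\n(?=[ \t])", "", value)   # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value)         # collapse runs of WSP
    value = value.strip(" \t\r\n")                # drop WSP around the value
    return f"{name.strip().lower()}:{value}\r\n"


def quote_tolerant(field: str) -> str:
    """Hypothetical extension: also unquote values that need no quoting."""
    return QUOTED_TOKEN.sub(r"=\1", relaxed_header(field))


def digest(canonical: str) -> str:
    """SHA-256 over one canonicalized field (a real header hash covers more)."""
    return hashlib.sha256(canonical.encode("ascii")).hexdigest()


if __name__ == "__main__":
    for label, canon in (("relaxed", relaxed_header), ("quote-tolerant", quote_tolerant)):
        same = digest(canon(SIGNED)) == digest(canon(REWRITTEN))
        print(f"{label:15} signed vs rewritten hash match: {same}")
    print("boundary kept quoted:", quote_tolerant(MULTIPART).strip())
```

The boundary value keeps its quotes because it contains `=`, which is not allowed in an unquoted token; unquoting it would change the meaning of the field.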
