On 7/20/2018 12:06 AM, Stefano Bagnara wrote:
h=from:to:subject:mime-version:sender:list-unsubscribe:content-type:content-transfer-encoding:feedback-id;

I saw some recommendation not to sign "To" but I don't think it is a
good practice (for the generic use case). If you don't sign the To
then anyone can "replay" your message to another recipient and make it
seem legit (pass DKIM).


There is a common view that the DKIM signature 'protects' the message. It doesn't. The crypto signature technology is merely a digital 'glue' for attaching the d= identifier in a fashion that is reliable and accurate.

The problem with the view of protection is that it is typically taken to mean 'validate', with implications such as the From: field is legitimate. Of course it actually means nothing of the sort, but people keep thinking it does.

So the only goal for choosing what to 'sign' is deciding what parts of the message need the glue.

Steve Atkins's list (From:Subject:Date) looks pretty reasonable to me, when combined with the Body.

The concern for replay attack should be adequately mitigated by gluing the d= identifier to the major substance of the message. The rest, really, is handling-related, rather than substance (content) related.



d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
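
An added example, not part of the thread: which header bytes an h= list attaches to the d= identifier, and whether a changed To: falls inside them, compared for the quoted h= list and the From:Subject:Date list. The function names and the sample headers are constructed for illustration; the RSA signing step and the DKIM-Signature field itself are left out, and a SHA-256 over the selected headers stands in for the signed data.

```python
import hashlib
import re

def relaxed(name, value):
    """'relaxed' header canonicalization, RFC 6376 section 3.4.2."""
    value = re.sub(r"\r?\n(?=[ \t])", "", value)   # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()  # collapse runs, trim ends
    return f"{name.strip().lower()}:{value}\r\n"

def signed_header_data(headers, h_tag):
    """Bytes of the header fields that an h= list glues to d=.

    headers: (name, value) pairs in message order, top to bottom.
    Each name in h= consumes the lowest unused instance of that field
    (RFC 6376 section 5.4.2); a name with no instance left adds nothing.
    """
    remaining = list(headers)
    picked = []
    for wanted in (n.strip().lower() for n in h_tag.split(":") if n.strip()):
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted:
                picked.append(relaxed(*remaining.pop(i)))
                break
    return "".join(picked).encode()

def header_digest(headers, h_tag):
    # Simplification (assumption): a real signer also appends the
    # DKIM-Signature field with an empty b= and signs this hash with the
    # d= domain's private key; hashing alone is enough to compare coverage.
    return hashlib.sha256(signed_header_data(headers, h_tag)).hexdigest()

def readdressing_detected(original, readdressed, h_tag):
    """True if the two header sets differ within the signed fields."""
    return header_digest(original, h_tag) != header_digest(readdressed, h_tag)

# Constructed sample headers; the addresses are placeholders.
ORIGINAL = [
    ("From", "News <news@example.com>"),
    ("To", "alice@example.net"),
    ("Subject", "Monthly  update"),
    ("Date", "Fri, 20 Jul 2018 09:00:00 +0000"),
]
READDRESSED = [(n, "bob@example.org" if n == "To" else v) for n, v in ORIGINAL]

# h= list quoted at the top of the thread, and the From:Subject:Date list
H_WITH_TO = ("from:to:subject:mime-version:sender:list-unsubscribe:"
             "content-type:content-transfer-encoding:feedback-id")
H_SUBSTANCE = "from:subject:date"
```

With `H_WITH_TO` the changed To: alters the signed data, so verification would fail; with `H_SUBSTANCE` the signed data is identical for both recipients.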
