#11 Headers checking before signing

v0.1.15
open
nobody
5
2009-06-01
2004-07-28
No

Hello,

Here is some thoughs about headers checking before
signing a message.

Before signing, the filter should check the count of
headers of each kind, and sign it only if the count is
coherent with RFC 2822.

RFC 2822, paragraph 3.6 specifies the range the count
of headers of some kind shall be in - e.g.

Date: [1,1] - one and only one
From : [1,1] - one and only one
To : [0,1] - no or only one
Cc : [0,1] - no or only one

This is very important to two fields : Date and From.

Decision on sign it or not is based on From header. So,
I think if this header doesn't conforms to RFC 2822,
the message shall not be signed. This will become even
more critical if someday the message is signed based
not only on the domain part, but also on the user part
of the address.

The Date header is also important (but less important
than From), as it may prevents message replay. Checking
the value of the Date field may be something
interesting. Even if this isn't done nowadays, it could
be a good idea to let some provision to do it later.

Other headers are less important.

Jose-Marcio.Martins@ensmp.fr

Discussion

  • Logged In: YES
    user_id=1048957

    Will be available as an FFR in 0.1.17.

     
    • milestone: --> v0.1.15
    • assigned_to: nobody --> sm-msk
     
  • Logged In: YES
    user_id=1048957

    This should be moved from dk-filter to libdk. Moreover, the
    enforcement should apply to which headers are signed, not
    just which headers are present.

     
    • assigned_to: sm-msk --> nobody