ietf-dkim

Re: [ietf-dkim] Pete's review of 4871bis

2011-06-30 09:39:20
On Wed, 29 Jun 2011 18:31:04 +0100, Murray S. Kucherawy  
<msk(_at_)cloudmark(_dot_)com> wrote:

-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Charles Lindsey
Sent: Wednesday, June 29, 2011 9:20 AM
To: DKIM
Subject: Re: [ietf-dkim] Pete's review of 4871bis

I agree that 8.14 is poorly written (and it was even worse a while back).
However, there most certainly IS an attack here, which is NOT the same as
the related attack discussed in 8.15, and cannot be prevented by putting
extra entries in the 'h=' tag. Unfortunately, many WG members have failed
to understand the difference between the two.

That's a mischaracterization of the objection.  "h=from:from:..." was  
not meant to address the attack about which you are complaining.

True, but up to a couple of months ago that was not clear in 8.14/8.15,  
and I suspect some WG members still have not caught up with the  
distinction.

Nobody has said either of the two variants of this attack are not valid  
concerns.  The dispute is about what module in the handling of a message  
is responsible for detecting and dealing with it.

That is true enough, but there is no indication anywhere as to what  
subsequent modules in the chain ARE to be responsible for it, except for  
ADSP (and I agree with Pete that it is an attack on ADSP); but the WG  
seems to have washed its hands of ADSP.

Since the problem exists even with a message that is not DKIM-signed, I  
still fail to understand how this is specifically a DKIM problem.

The problem is that an apparently valid signature (albeit matching the  
wrong From) is likely to give a false impression of validity somewhere  
along the line unless modules down the line are watching for this case (and  
for sure MUAs will not be watching for it for a long time, so it is the  
ISPs/boundary agents that need to do it).

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       
   Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
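
One way a boundary agent could watch for the case discussed in this message, given here as an added example that is not part of the original thread: it counts the From fields in a message and, for each DKIM-Signature, how many times the 'h=' tag lists From. The function names and the sample message are constructed for illustration, and the code does not verify signatures.

```python
import email
import re

# Constructed sample: two From fields, while the signature's h= lists From once.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel;\r\n"
    "\th=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "From: Alice <alice@example.org>\r\n"
    "From: Mallory <mallory@example.net>\r\n"
    "To: bob@example.com\r\n"
    "Subject: hello\r\n"
    "\r\n"
    "body\r\n"
)

def signed_field_names(sig_value):
    """Return the lower-cased field names listed in a signature's h= tag."""
    tags = {}
    for part in sig_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Folding whitespace inside a tag value is not significant.
            tags[name.strip().lower()] = re.sub(r"\s+", "", value)
    return [n.lower() for n in tags.get("h", "").split(":") if n]

def check_from_fields(raw_message):
    """Report the From-field count and, per signature, the From entries in h=."""
    msg = email.message_from_string(raw_message)
    from_count = len(msg.get_all("From", []))
    signatures = []
    for sig in msg.get_all("DKIM-Signature", []):
        listed = signed_field_names(sig).count("from")
        signatures.append({
            "h_from_entries": listed,
            # More h= entries than From fields present: a From added
            # after signing would make this signature fail to verify.
            "extra_from_entry": listed > from_count,
        })
    return {
        "from_count": from_count,
        # More than one From is malformed whatever the DKIM result says.
        "multiple_from": from_count > 1,
        "signatures": signatures,
    }
```

A message with `multiple_from` set can be flagged or rejected at the boundary independently of whether any signature on it verifies.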