DKIM cannot address this issue; however, messaging authors like myself (get
ready for some RFC blasphemy) can optionally strip off all comment text from
origin headers. So, there's never _ever_ the possibility of this taking
place with users of our software. If there's no "pretty text" to display
then there's none passed on to the MUA. That should solve it. Nobody is
going to hell for stripping optional text out of mail headers so some
certain of you who just started praying for my soul can rest easy :)
--
Arvel
----- Original Message -----
From: "wayne" <wayne(_at_)schlitt(_dot_)net>
To: "IETF DKIM WG" <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Tuesday, November 01, 2005 1:07 PM
Subject: Re: [ietf-dkim] draft-fenton-dkim-threats-01.txt
In <0AEB18845270404F88B2503180D4586908FD4753(_at_)DEN-EXM-01(_dot_)corp(_dot_)ebay(_dot_)com>
"Edberg, Jeremy" <jedberg(_at_)ebay(_dot_)com> writes:
Another related attack that I did not see mentioned in the threat
analysis is what we call the "pretty from" attack. Most popular email
clients display the arbitrary text in the From header as the display
name, if there is one. For example, if the from header were 'From
"aw-confirm(_at_)ebay(_dot_)com" <badguy(_at_)badguy(_dot_)com>', the client would show
"aw-confirm(_at_)ebay(_dot_)com" as the from address.
_______________________________________________
ietf-dkim mailing list
http://dkim.org
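
Added example, not part of the original thread and not code from any participant's software: a receiving-side check for the "pretty from" pattern described above, plus the display-text stripping proposed as a mitigation. The function names, the exact-domain comparison rule, and the sample headers (example.com / example.net) are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Something that looks like an e-mail address embedded in display text.
ADDR_IN_TEXT = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def inspect_from(header_value):
    """Return (display_text, addr_spec, mismatch) for a From header value.

    mismatch is True when the display text (quoted phrase or parenthesised
    comment) contains an address whose domain differs from the domain of
    the real addr-spec, i.e. the text shown to the user names a different
    sender than the one the message actually claims.
    """
    display, addr = parseaddr(header_value)
    real_domain = addr.rpartition("@")[2].lower()
    shown = ADDR_IN_TEXT.search(display)
    mismatch = shown is not None and shown.group(1).lower() != real_domain
    return display, addr, mismatch


def strip_display_text(header_value):
    """Mitigation from the thread: pass only the bare addr-spec to the MUA."""
    _, addr = parseaddr(header_value)
    return addr


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    '"aw-confirm@example.com" <sender@example.net>',   # pretty-from pattern
    'sender@example.net (aw-confirm@example.com)',     # same, comment form
    '"aw-confirm@example.com" <aw-confirm@example.com>',
    '"Example Support" <support@example.com>',
]

if __name__ == "__main__":
    for value in SAMPLES:
        display, addr, mismatch = inspect_from(value)
        flag = "MISMATCH" if mismatch else "ok"
        print(f"{flag:8} shown={display!r} real={addr!r} "
              f"stripped={strip_display_text(value)!r}")
```

The check only catches display text that itself contains an address; a display name such as a brand name with no "@" is not flagged, which is why stripping the text entirely is the stronger of the two measures.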