ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] How mailing lists mutate messages

2006-01-24 11:58:14

On Jan 24, 2006, at 10:45 AM, John Levine wrote:

The mutations made by a list can be removed with a small effort.

Sorry, Doug, but that's simply not true. Visit Yahoo Groups, the largest list host in the world, for a few minutes, and come back and tell us how they would do it. Don't forget that their business model involves putting little tags with advertisements at the end of the messages, and many if not most of their messages are HTML coded.

Tony encapsulated the only sensible model: you break it, you sign it.

I agree with this however...

I was commenting upon the idea that valid signatures, although mutated by a list-server, can be recovered with some effort _by the bad actors_. They of course would send messages that would undergo only minor transformations. The goal would be to recover the message and restore functionality of the signature in order to stage replay attacks, taking advantage of the originating domains reputation. (Soon lost as a result of the signature leak.)

-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org

<Prev in Thread] Current Thread [Next in Thread>