On Wed, 20 May 2009 17:55:53 +0100, Dave CROCKER <dhc(_at_)dcrocker(_dot_)net>
wrote:
Steve Atkins wrote:
It means that I can, for example, take one copy of a service notice
from my bank, leave the headers the same and replace the URLs
in the body of the message to links to my website, then send it
out to a hundred thousand people - and it would be validly signed
by the bank. (The only user-visible content I wouldn't be able to
change is the subject line).
This sounds like a plausible and serious scenario. Even with l>0, it suggests a
line of attack -- by adding malicious text that appears to be part of the bank
notice.
Only if the bank was stupid enough to sign with l=0 in the first place.
Clearly people who know they are phishing targets will not have l= tags at
all.
But the vast majority of email senders are not phishing targets.
What is the counter-argument, in favor of retaining l= ?
l=0 might be appropriate for Usenet control messages, where the important
information is entirely in the headers. Even if l=<length of message> were
used it would help, since currently the commonest cause of Usenet control
message failures is extra white lines tagged on the end in transit.
l=0 would also be appropriate when other precautions were being taken to
authenticate the body (e.g. Content-MD5, where the Content-MD5 header
itself was included in the signature).
And l=<actual message length> is always suitable when the end of the
message is marked clearly in some other way, so that an addition is
immediately seen as such.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
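The effect of the l= tag discussed in this message, as an added example that is not part of the original thread: the DKIM body hash covers only the first l octets of the canonicalized body, so a verifier can report the bytes that fall outside the signature. The function names and sample messages are constructed for illustration; the "simple" body canonicalization and SHA-256 hash follow RFC 6376.

```python
import base64
import hashlib

def canon_simple(body: bytes) -> bytes:
    """RFC 6376 'simple' body canonicalization: trailing empty lines are
    ignored and the body ends with exactly one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def body_hash(body: bytes, l=None) -> str:
    """Value of the bh= tag; with l= only the first l canonical octets are hashed."""
    data = canon_simple(body)
    if l is not None:
        data = data[:l]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def unsigned_tail(body: bytes, l=None) -> bytes:
    """Octets the recipient sees that the signature does not cover."""
    return canon_simple(body)[l:] if l is not None else b""

# Constructed sample bodies (example domains only).
ORIGINAL = b"Your statement is ready.\r\nSee https://bank.example/statements\r\n"
REPLACED = b"Your statement is ready.\r\nSee https://other.example/login\r\n"
APPENDED = ORIGINAL + b"Update: use https://other.example/login instead.\r\n"
PADDED = ORIGINAL + b"\r\n\r\n"  # empty lines added at the end in transit

if __name__ == "__main__":
    n = len(canon_simple(ORIGINAL))
    # l=0: the body hash is the hash of nothing, so any body verifies.
    print("l=0 same bh:", body_hash(ORIGINAL, 0) == body_hash(REPLACED, 0))
    # No l=: replacing the body changes bh and the signature fails.
    print("no l= same bh:", body_hash(ORIGINAL) == body_hash(REPLACED))
    # l=<actual length>: appended text still verifies, but can be flagged.
    print("l=n same bh:", body_hash(ORIGINAL, n) == body_hash(APPENDED, n))
    print("unsigned tail:", unsigned_tail(APPENDED, n))
    # Trailing empty lines alone do not break a simple-canonicalized body.
    print("padding ignored:", body_hash(PADDED) == body_hash(ORIGINAL))
```

A verifier that treats a non-empty `unsigned_tail` as untrusted content gets the append tolerance of l= without presenting the added text as signed.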