-----Original Message-----
From: Douglas Otis [mailto:dotis(_at_)mail-abuse(_dot_)org]

It seems suitable to either reject or annotate a stern warning, those
messages where the domain refutes the algorithm claimed in the DKIM
signature.

Doug,

I'm still not convinced, but you have me thinking about it.

You're claiming that an attacker might craft a message claiming to use a hash
called something like MD6, and the absence of "h=md6" in the corresponding key
named by "d=" and "s=" in the signature should cause a rejection or an
appropriate annotation. But that would presuppose the "a=" in the signature
contains something like "rsa-md6" and, further, that the verifier knows what
that means. Otherwise, wouldn't the verifier in that case just kick the
signature out claiming an unknown signing algorithm?

Given that there are currently only two possible values for "a=" in a
signature, the only actual attack vector here is an "rsa-sha1" signature from a
site that claims "h=sha256" or vice-versa.

Is that still something about which we should be concerned?

-MSK
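
The two cases discussed in this message, as an added example that is not part of the original thread or of any DKIM implementation: a verifier-side check that separates an unknown "a=" value from a known hash that the key record's "h=" list does not permit. The function names, result labels and sample tag lists are assumptions made for illustration; whether a refuted hash leads to rejection or annotation is left to the caller.

```python
# Added example: names and result labels are hypothetical, sample data is constructed.
KNOWN_ALGORITHMS = {"rsa-sha1", "rsa-sha256"}  # the two "a=" values the message refers to


def parse_tags(tag_list):
    """Parse a DKIM tag=value list (signature header or key record) into a dict."""
    tags = {}
    for item in tag_list.split(";"):
        if "=" not in item:
            continue
        name, value = item.split("=", 1)
        # Removing all whitespace is enough for the short "a=" and "h=" values used here.
        tags[name.strip()] = "".join(value.split())
    return tags


def check_algorithm(signature, key_record):
    """Compare the signature's a= hash with the key record's h= list."""
    sig = parse_tags(signature)
    key = parse_tags(key_record)
    alg = sig.get("a", "").lower()
    if alg not in KNOWN_ALGORITHMS:
        # The verifier cannot evaluate the signature at all, so h= never comes into play.
        return "unknown-algorithm"
    sig_hash = alg.split("-", 1)[1]
    if "h" not in key:
        # A key record without h= places no restriction on the hash.
        return "algorithm-permitted"
    allowed = {h.lower() for h in key["h"].split(":") if h}
    if sig_hash not in allowed:
        # Known algorithm, but the domain's key record does not list this hash.
        return "hash-refuted-by-key"
    return "algorithm-permitted"


# Constructed sample data (placeholder key and signature values).
KEY_SHA256_ONLY = "v=DKIM1; h=sha256; p=PLACEHOLDERKEY"
SIG_SHA1 = "v=1; a=rsa-sha1; d=example.com; s=sel1; b=PLACEHOLDERSIG"
SIG_MD6 = "v=1; a=rsa-md6; d=example.com; s=sel1; b=PLACEHOLDERSIG"

if __name__ == "__main__":
    for sig in (SIG_SHA1, SIG_MD6):
        print(parse_tags(sig)["a"], "->", check_algorithm(sig, KEY_SHA256_ONLY))
```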