I've removed Tim Polk from the Cc: list because he is not our sponsoring AD.
Our sponsoring AD is already on this list.
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Ian Eiloart
Sent: Tuesday, October 05, 2010 5:15 AM
To: Hector Santos; ietf-dkim(_at_)mipassoc(_dot_)org
Cc: Tim Polk
Subject: Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple
5322.From
It has been observed by implementations that is it possible to replay
a message with a 2nd 5322.From header at the top which wouldn't break
the DKIM signature validity, but would often be displayed by MUAs to
display the new 5322.From display rather than the signature bound
5322.From header.
Ouch. That's nasty. But wouldn't it be better to advise MUA vendors to
display the signed header? Are there really MUA's that will display the
unsigned headers *and* assert that it was validated? If so, that's
surely a bug in the implementation of the MUA.
This is a non-issue for DKIM anyway. All of this work is predicated on an
email that's properly formatted, and RFC5322 says a message with multiple From:
headers is malformed. So this is not specifically an attack on DKIM.
I don't think it's practical in DKIM to enumerate all the ways various
malformations can cause misleading displays in an MUA.
The MLM draft work included some chatter about some advice for MUA
implementers. If and when that work is consolidated into a new document of
some kind, this issue would be a good one to put there.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html