Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.F

ietf-dkim

[Top] [All Lists]

<prev [Date] next>

<prev [Thread] next>

Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From

2010-10-05 11:00:21

from [Murray S. Kucherawy]

[Permanent Link]

-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org 
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Julian Mehnle
Sent: Tuesday, October 05, 2010 7:27 AM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 
5322.From

No.  The trick is to list From twice in h=.  This ensures more From
headers cannot be added without breaking the signature.


But the attacker in this scenario is already the signer (or has compromised the 
signer), so he/she will just sign the single From:.

Perhaps this could be mentioned in the spec with a specific reference
to the From header, but in general terms the spec is pretty clear about
how to prevent the addition of a header field.


From: is already there.  The RFC explains how to prevent addition of a field 
that wasn't there to begin with, not to prevent addition of new ones.

Enumerating MUA issues, though, is a bottomless pit and not really within our 
scope to do.  We should avoid it.


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, (continued) Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Scott Kitterman Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Murray S. Kucherawy Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Hector Santos Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Hector Santos Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, John Levine Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Julian Mehnle Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Hector Santos Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Julian Mehnle Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Hector Santos Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Julian Mehnle Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Murray S. Kucherawy <= Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Julian Mehnle Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Murray S. Kucherawy Re: [ietf-dkim] signing and verifying invalid messages, John Levine Re: [ietf-dkim] signing and verifying invalid messages, Michael Thomas Re: [ietf-dkim] signing and verifying invalid messages, Hector Santos Re: [ietf-dkim] signing and verifying invalid messages, J.D. Falk Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Charles Lindsey Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Murray S. Kucherawy Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Charles Lindsey Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Murray S. Kucherawy

Previous by Date:	Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Douglas Otis
Next by Date:	Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Hector Santos
Previous by Thread:	Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Julian Mehnle
Next by Thread:	Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From, Julian Mehnle
Indexes:	[Date] [Thread] [Top] [All Lists]