ietf-dkim

Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From

2010-10-05 11:34:07
Murray S. Kucherawy wrote:

But the attacker in this scenario is already the signer (or has
compromised the signer), so he/she will just sign the single From:.

If the attacker is the signer, they can just as well resign many times.

I don't think that's the scenario that Hector meant, though.

Perhaps this could be mentioned in the spec with a specific reference
to the From header, but in general terms the spec is pretty clear
about how to prevent the addition of a header field.

From: is already there.  The RFC explains how to prevent addition of a
field that wasn't there to begin with, not to prevent addition of new
ones.

No, read section 5.4 again.  Hector even quoted the relevant parts in his 
thread opening message.

-Julian

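The section 5.4 mechanism Julian points to, as an added example (Python, written for this page, not code from the thread or from either RFC): a verifier-side model of how the names in a signature's h= tag are matched bottom-up against the header block, run over constructed headers, showing that signing From once lets a prepended From: pass while listing it twice makes the header hash change.

```python
# Added example (not from the thread): how the h= tag selects header fields
# for the DKIM header hash (RFC 4871/6376 section 5.4), and why listing
# "From" once more than it occurs ("oversigning") detects a later-added From:.
import hashlib
import re

def relaxed_canon(name, value):
    """Relaxed header canonicalization: lowercase name, unfold, collapse
    whitespace runs to one space, strip surrounding space, append CRLF."""
    value = re.sub(r"\s+", " ", value.replace("\r\n", "")).strip()
    return f"{name.lower()}:{value}\r\n"

def select_signed_headers(headers, h_tag):
    """Apply the h= rule: walk the header block from the bottom up; each name
    in h= consumes the next not-yet-used instance of that name. A name with
    no remaining instance is the null string and contributes nothing."""
    remaining = list(headers)          # top-to-bottom order as in the message
    selected = []
    for name in h_tag.split(":"):
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.lower():
                selected.append(remaining.pop(i))
                break
    return selected

def header_hash(headers, h_tag):
    """SHA-256 over the canonicalized selected fields (DKIM-Signature omitted)."""
    data = "".join(relaxed_canon(n, v)
                   for n, v in select_signed_headers(headers, h_tag))
    return hashlib.sha256(data.encode()).hexdigest()

# Constructed header block as it left the signer (example addresses).
ORIGINAL = [("From", "alice@example.com"),
            ("To", "bob@example.com"),
            ("Subject", "status report")]
# The same block after a second From: was prepended in transit (constructed).
TAMPERED = [("From", "someone-else@example.com")] + ORIGINAL

def signature_survives(h_tag):
    """True if the verifier computes the same header hash before and after
    the extra From: was added, i.e. the signature would still verify."""
    return header_hash(ORIGINAL, h_tag) == header_hash(TAMPERED, h_tag)

if __name__ == "__main__":
    # From listed once: the original (bottom-most) From is still what gets
    # hashed, so the added top From: is invisible to the verifier.
    print("h=from:to:subject      ->", signature_survives("from:to:subject"))
    # From listed twice: the second entry now binds the added field.
    print("h=from:from:to:subject ->", signature_survives("from:from:to:subject"))
```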

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html