Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From

2010-10-05 15:06:19

"Dave CROCKER" <dhc(_at_)dcrocker(_dot_)net> wrote:



On 10/5/2010 8:15 AM, Ian Eiloart wrote:
It has been observed by implementations that it is possible to replay
 a message with a 2nd 5322.From header at the top which wouldn't break
 the DKIM signature validity, but would often be displayed by MUAs to
 display the new 5322.From display rather than the signature bound
 5322.From header.

Ouch. That's nasty. But wouldn't it be better to advise MUA vendors to
display the signed header? Are there really MUAs that will display the
unsigned headers *and* assert that it was validated? If so, that's surely a
bug in the implementation of the MUA.


Your comments underscore the importance of being careful about what we expect
from DKIM.  As you note, if software is DKIM-aware, it also needs to be
DKIM-intelligent.

At a deeper level, there is a continuing problem with casting DKIM as a
mechanism to "protect" a message.  That's something that OpenPGP and S/MIME
do; it's not something DKIM does.  DKIM merely tries to do enough to ensure
that the d= is valid, to provide a basis for reputation assessment.

Hence, I recommend that this ISSUE be declined and closed.


Nack. DKIM also purports to provide assurance that the signed content of the 
message is unmodified. I think mentioning that all instances of a header that 
is signed should be used for signing and verification is a useful data point 
for implementors.

Scott K
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
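
The header-coverage question discussed in this thread, as an added example that is not part of the original message or of any DKIM implementation: a receiver-side check that compares the From headers present in a message with the number of times `from` appears in each signature's `h=` tag. It does not verify the signature itself; the sample message, its addresses and the function names are constructed for illustration.

```python
import email
import re

# Constructed sample: a second From header sits above the signature,
# while h= lists "from" only once.
SAMPLE = (
    b"From: added@other.example\r\n"
    b"DKIM-Signature: v=1; a=rsa-sha256; d=sender.example; s=sel;\r\n"
    b" h=from:to:subject; bh=AAAA; b=BBBB\r\n"
    b"From: user@sender.example\r\n"
    b"To: rcpt@receiver.example\r\n"
    b"Subject: hello\r\n"
    b"\r\n"
    b"body\r\n"
)

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace inside tag values is not significant here.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def uncovered_from_headers(raw):
    """For each DKIM-Signature, list the From values its h= tag does not cover."""
    msg = email.message_from_bytes(raw)
    froms = msg.get_all("From", [])  # in top-to-bottom order
    findings = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(sig)
        signed = [h.lower() for h in tags.get("h", "").split(":")]
        covered = signed.count("from")
        # Each "from" in h= selects one instance, counted from the bottom of
        # the header block, so any surplus instances at the top are unsigned.
        extra = froms[:max(len(froms) - covered, 0)]
        findings.append({"d": tags.get("d"), "covered": covered,
                         "unsigned_from": extra})
    return findings

if __name__ == "__main__":
    for finding in uncovered_from_headers(SAMPLE):
        print(finding)
```

A non-empty `unsigned_from` list means a displayed From may differ from the one bound to the signature. When the signer lists `from` one more time than the message contains, a From added later changes the signed input, so verification fails instead.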
