ietf-dkim

Re: [ietf-dkim] detecting header mutations after signing

2010-10-08 10:11:14
Wietse Venema wrote:

With this signer-side configuration solution, the verifier can
detect attempts to "spoof" any header that was covered by the DKIM
signature (spoof as in "add a forged header, and hope that naive
programs will use the forged header instead of the authentic one").

So the solution is already available in DKIM. We just need to use
the solution, and make it part of routine DKIM tests.

Having the signer put the extra junk in h= should make existing verifiers 
do the right thing, although I doubt the bit of verification code that 
checks for the non-existence of the N+1st header for N>0 is well tested in 
DKIM implementations.

To address this, make this solution part of routine DKIM test suites.

+1, however.....

This is only part of the solution.  A temporary one to allow current 
operators to cover themselves using their "Required Header" 
configuration, if any.

The real solution is to void double 5322.From messages. Either the 
DKIM compliant MSA, MDA do it or the "better" DKIM signer/verification 
engine does it to cover for legacy MSA, MDA or to make sure customers 
using a 3rd party signing engine are sending the proper mail to sign.

Can someone come up with IETF amenable copy text for Dave to add to 
4871bis that won't prohibit or slow down its progress?

IMV, all would-be implementers need to read is a basic idea of:

     "Make sure there are no two or more 5322.From headers when signing
      or verifying.  These messages should be voided."

and that's it.

-- 
HLS



_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
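
An added example, not part of the original message or of any DKIM implementation: it shows which header instances an h= list covers (bottom-up selection, with a listed name that has no instance left counting as empty), why listing From one extra time in h= exposes an added From header, and the simpler "void on two or more From" check proposed above. The function names and sample messages are constructed for illustration; no canonicalization or cryptography is performed, only the header selection step.

```python
from email import message_from_string

def from_count(raw):
    """Number of From header fields (field names are case-insensitive)."""
    return len(message_from_string(raw).get_all("From", []))

def should_void(raw):
    """The check proposed in the message: two or more From fields."""
    return from_count(raw) > 1

def signed_instances(raw, h_tag):
    """Header instances covered by a signature with the given h= value.

    For each name in h=, take the next unused instance counting from the
    bottom of the header block upward. A name with no instance left
    contributes None, which a verifier hashes as an empty input.
    """
    msg = message_from_string(raw)
    remaining = {}
    selected = []
    for name in (n.strip().lower() for n in h_tag.split(":")):
        if name not in remaining:
            remaining[name] = msg.get_all(name, [])  # top-to-bottom order
        stack = remaining[name]
        selected.append((name, stack.pop() if stack else None))
    return selected

def forgery_detected(signed_raw, received_raw, h_tag):
    """True if the signed header input changed, so the signature would fail."""
    return signed_instances(signed_raw, h_tag) != signed_instances(received_raw, h_tag)

# Constructed sample: the message as signed, and the same message with a
# second From field prepended in transit.
SIGNED = "From: alice@example.com\nSubject: hello\n\nbody\n"
TAMPERED = "From: forged@example.net\n" + SIGNED

if __name__ == "__main__":
    for h in ("from:subject", "from:from:subject"):
        print(h, "-> change detected:", forgery_detected(SIGNED, TAMPERED, h))
    print("void tampered message:", should_void(TAMPERED))
```

With h=from:subject the added From field is never part of the signed input, so the signature still verifies; with h=from:from:subject the second slot changes from empty to the added field and verification fails.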
