On Fri, 08 Oct 2010 18:25:40 +0100, Wietse Venema <wietse(_at_)porcupine(_dot_)org> wrote:

> If I understand things correctly, the solution is already available
> in DKIM today. It involves signer configuration (sign for N+1
> instances of each header that is covered by the signature) and
> requires no change in protocol or semantics. It merely hardens the
> DKIM signature and I see nothing wrong with doing so.
> If I am mistaken then please correct me.

You are indeed mistaken.
All you have ensured is that any message signed (say by ebay) is proof
against replay attacks that add additional headers.
But the scam we are considering does not involve replay attacks at all. It
involves a message created and signed by the scammer using his own key.
Naturally, scammers feel no obligation to follow advice or requirements in
standards, so they will sign just one instance of the two headers.
The ONLY way to defeat this scam is for the Verifier to count the headers
itself. And the threat is serious enough that the counting has to be a
MUST.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
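
The verifier-side count argued for in the reply above, as an added example that is not part of the original thread: it counts the RFC 5322 at-most-once header fields in a received message and refuses duplicates regardless of what the signer listed in h=. The function names, sample messages and example domains are constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.policy import compat32

# RFC 5322 section 3.6: fields that may appear at most once in a message.
SINGLETON_FIELDS = {
    "date", "from", "sender", "reply-to", "to", "cc", "bcc",
    "message-id", "in-reply-to", "references", "subject",
}

def duplicated_singletons(raw: str) -> dict:
    """Return {field: count} for each at-most-once field that occurs more than once."""
    msg = message_from_string(raw, policy=compat32)
    counts = Counter(name.lower() for name in msg.keys())
    return {f: n for f, n in counts.items() if f in SINGLETON_FIELDS and n > 1}

def signed_instances(raw: str) -> Counter:
    """Count the instances of each field listed in the first DKIM-Signature h= tag."""
    msg = message_from_string(raw, policy=compat32)
    for tag in (msg.get("DKIM-Signature") or "").split(";"):
        name, _, value = tag.strip().partition("=")
        if name.strip() == "h":
            return Counter(h.strip().lower() for h in value.split(":") if h.strip())
    return Counter()

def verifier_accepts(raw: str) -> bool:
    """The verifier counts for itself; the signer's h= list is not trusted for this."""
    return not duplicated_singletons(raw)

# Constructed sample: signed with the sender's own key, h= covers one From of two.
TWO_FROM = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=sender.example; s=sel;\n"
    " h=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED\n"
    "From: first@brand.example\n"
    "From: second@sender.example\n"
    "Subject: Your account\n"
    "\n"
    "body\n"
)
# Constructed sample: the same message with a single From field.
ONE_FROM = TWO_FROM.replace("From: first@brand.example\n", "")

if __name__ == "__main__":
    for label, raw in (("two From", TWO_FROM), ("one From", ONE_FROM)):
        print(label, dict(signed_instances(raw)), duplicated_singletons(raw),
              "accept" if verifier_accepts(raw) else "reject")
```

The h= list in the first sample names From once, so nothing in the signature itself reveals the second instance; only the verifier's own count does.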