Charles Lindsey:
On Fri, 08 Oct 2010 18:25:40 +0100, Wietse Venema
<wietse(_at_)porcupine(_dot_)org>
wrote:
If I understand things correctly, the solution is already available
in DKIM today. It involves signer configuration (sign for N+1
instances of each header that is covered by the signature) and
requires no change in protocol or semantics. It merely hardens the
DKIM signature and I see nothing wrong with doing so.
If I am mistaken then please correct me.
You are indeed mistaken.
All you have ensured is that any message signed (say by ebay) is proof
against reply attacks that add additional headers.
But the scam we are considering does not involve replay attacks at all. It
involves a message created and signed by the scammer using his own key.
Please read my entire response carefully before responding.
The above detects the case where a bad guy adds a forged header to
a DKIM-signed message, in the hope that naive mail programs will
render their forged header with an indication that THE GOOD GUY'S
DKIM SIGNATURE VERIFIED.
When the bad guy sends mail with (multiple) forged headers, the
best they can get is that naive mail programs render their forged
header with an indication that THE BAD GUY'S DKIM SIGNATURE VERIFIED.
Sending forged headers with bad guy's DKIM signatures is not an
interesting attack on DKIM.
Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html