On Mon, 11 Oct 2010 14:07:03 +0100, Wietse Venema
<wietse(_at_)porcupine(_dot_)org>
wrote:
> Charles Lindsey:
> > All you have ensured is that any message signed (say by ebay) is proof
> > against replay attacks that add additional headers.
> > But the scam we are considering does not involve replay attacks at all.
> > It involves a message created and signed by the scammer using his own key.
>
> Please read my entire response carefully before responding.
>
> The above detects the case where a bad guy adds a forged header to
> a DKIM-signed message, in the hope that naive mail programs will
> render their forged header with an indication that THE GOOD GUY'S
> DKIM SIGNATURE VERIFIED.

Yes, and that is relatively easy to guard against by careful signing. But
it is not the scam I am talking about.

> When the bad guy sends mail with (multiple) forged headers, the
> best they can get is that naive mail programs render their forged
> header with an indication that THE BAD GUY'S DKIM SIGNATURE VERIFIED.
> Sending forged headers with bad guy's DKIM signatures is not an
> interesting attack on DKIM.
On the contrary, it is an exceedingly interesting attack.
It is in fact exactly and precisely the attack against which we currently
have NO DEFENCE.
The bad guy (the phisher) provides two From headers, but only signs one
which, as DKIM is currently defined, has to be the second one.
His two headers are:
From: info(_at_)ebay(_dot_)com
From: info(_at_)phisher(_dot_)com
BUT many/most MUAs currently display only the first From header if two are
provided. There is no reason why the verifier at the boundary should
report an invalid signature, so the message gets through to the intended
victim who just sees what his MUA shows him, which apparently is a message
from the genuine ebay address.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
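The two-From case above comes down to which header instances an h= tag actually covers. The following is an added example (not code from the thread or from any DKIM implementation) modelling the RFC 4871 section 5.4 selection rule, so a verifier can list the instances a signature leaves uncovered and check whether the From an MUA will display is among them; the header lists and the `displayed_from_is_covered` policy are constructed for illustration.

```python
"""Model of which header instances a DKIM h= tag covers (RFC 4871 sec. 5.4):
each name in h= takes the physically LAST not-yet-selected instance of that
header; a name listed more often than it occurs signs an empty string
(over-signing).  Added example, not code from the mailing-list thread.
"""
from typing import List, Optional, Tuple

Header = Tuple[str, str]  # (field name, value), top-to-bottom message order


def select_signed_indexes(headers: List[Header], h_tag: str) -> List[Optional[int]]:
    """Index of the header instance covered by each h= entry (None = empty slot)."""
    taken = set()
    chosen: List[Optional[int]] = []
    for name in (n.strip().lower() for n in h_tag.split(":")):
        hit = None
        for idx in range(len(headers) - 1, -1, -1):  # walk bottom-up
            if idx not in taken and headers[idx][0].lower() == name:
                hit = idx
                break
        if hit is not None:
            taken.add(hit)
        chosen.append(hit)
    return chosen


def uncovered_instances(headers: List[Header], h_tag: str) -> List[Header]:
    """Instances of signed header names that the signature does NOT cover."""
    names = {n.strip().lower() for n in h_tag.split(":")}
    covered = {i for i in select_signed_indexes(headers, h_tag) if i is not None}
    return [hdr for i, hdr in enumerate(headers)
            if hdr[0].lower() in names and i not in covered]


def displayed_from_is_covered(headers: List[Header], h_tag: str) -> bool:
    """Hypothetical verifier policy: the From an MUA shows (first one) must be signed."""
    froms = [i for i, h in enumerate(headers) if h[0].lower() == "from"]
    return bool(froms) and froms[0] in select_signed_indexes(headers, h_tag)


# Constructed sample: the two-From message from the thread, signed with h=from.
PHISH = [("From", "info@ebay.com"), ("From", "info@phisher.com"),
         ("To", "victim@example.net"), ("Subject", "Account notice")]
# Constructed sample: a legitimate single-From message signed with an over-signed h=.
LEGIT = [("From", "info@ebay.com"), ("To", "victim@example.net")]

if __name__ == "__main__":
    print(uncovered_instances(PHISH, "from:to:subject"))     # [('From', 'info@ebay.com')]
    print(displayed_from_is_covered(PHISH, "from:to:subject"))  # False
    print(select_signed_indexes(LEGIT, "from:from:to"))      # [0, None, 1]
    # Prepending a From shifts what slot 2 covers, so the real signer's signature breaks:
    print(select_signed_indexes([("From", "info@phisher.com")] + LEGIT, "from:from:to"))  # [1, 0, 2]
```

The second half shows the replay case from earlier in the thread: with over-signing (`from:from`) an added From header changes the signed input, whereas with a plain `from` the first, displayed instance is simply never covered and only a verifier policy like `displayed_from_is_covered` catches it.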