ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] detecting header mutations after signing

2010-10-13 12:04:11
On Mon, 11 Oct 2010 23:05:13 +0100, Wietse Venema 
<wietse(_at_)porcupine(_dot_)org>  
wrote:

Charles Lindsey:
When the bad guy sends mail with (multiple) forged headers, the
best they can get is that naive mail programs render their forged
header with an indication that THE BAD GUY'S DKIM SIGNATURE VERIFIED.

Sending forged headers with bad guy's DKIM signatures is not an
interesting attack on DKIM.

On the contrary, it is an exceedingly interesting attack.

Note that Wietse is replying to a message that I mistakenly sent to him  
offlist. I have now reposted that messqge for all to see.

If you believe that sending mail with a valid bad guy signature is
an interesting attack on DKIM, then that implies that you're willing
to believe mail that is signed by arbitrary strangers.  That is a
problem that DKIM is not designed to solve.

The average naive user never gets the chance to be willing or not to  
believe mail that is signed by arbitrary strangers, for the simple reason  
that his MUA does not routinely display any headers that mention  
signatures at all. All he sees is a message apparently From a known  
genuine ebay address (his MUA happens not to show the second From placed  
there by the phisher).

Worse, he may be vaguely aware that his provider/boundary implements some  
amazing crypto stuff that purportedly guarantees that forged email From  
genuine ebay addresses will be stopped, and that will reinforce his belief  
that the message he saw is genuine.

And yet the tests provided by his provider/boundary are 100% 4871  
compliant. Surely this shows that there is something seriously wrong with  
4871, which is clearly not providing the service it was supposed to.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       
   Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html