On Wednesday, October 13, 2010 12:54:23 pm Murray S. Kucherawy wrote:
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Charles
Lindsey
Sent: Wednesday, October 13, 2010 9:12 AM
To: DKIM
Subject: Re: [ietf-dkim] detecting header mutations after signing
The bad guy (the phisher) provides two From headers, but only signs one,
which, as DKIM is currently defined, has to be the second one.
His two headers are:
From: info(_at_)ebay(_dot_)com
From: info(_at_)phisher(_dot_)com
BUT many/most MUAs currently display only the first From header if two
are provided. There is no reason why the verifier at the boundary should
report an invalid signature, so the message gets through to the intended
victim who just sees what his MUA shows him, which apparently is a
message from the genuine ebay address.
This is true if the message is not DKIM-signed at all. The rendering
choice you're highlighting here already exists in many/most MUAs.
If we can extract DKIM from the equation entirely and the problem remains,
how is it a DKIM problem?
If the DKIM signature doesn't verify after signed headers have been altered,
then it's not.
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
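The mechanics behind the exchange above, as an added example that is not part of the thread and not anyone's posted code: a small model of the h= header-selection rule of RFC 4871 section 5.4 (the same rule is in RFC 6376 section 5.4.2). Each name listed in h= consumes the last not-yet-consumed instance of that field, bottom-up, and a name with no instance left is hashed as an empty field, which is what lets a signer list From twice ("oversign") to pin its count. An HMAC over the selected headers stands in for the RSA signature, the canonicalization is a simplified "relaxed" form, the key and all addresses are constructed for the example, and the MUA is modelled as showing the first From, exactly as the thread describes.

```python
import hashlib
import hmac
import re

# Stand-in for the signer's private key (assumption for this example; real DKIM
# signatures are RSA or Ed25519 over the hashed header block, not an HMAC).
SIGNER_KEY = b"example-signing-key"


def canonicalize(name, value):
    """Simplified 'relaxed' header canonicalization (RFC 4871 sec. 3.4.2):
    lowercase the field name, unfold and collapse whitespace, strip the ends."""
    value = re.sub(r"\s+", " ", value).strip()
    return f"{name.lower()}:{value}"


def select_signed_headers(headers, h_tag):
    """Return the canonicalized instances covered by h_tag (RFC 4871 sec. 5.4).

    headers is a list of (name, value) pairs in message order, top to bottom.
    Each name in h= takes the physically last not-yet-consumed instance of that
    field; a name with no remaining instance contributes an empty field, so a
    later-added instance of that field changes the hashed data."""
    remaining = list(headers)
    covered = []
    for name in h_tag.split(":"):
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.lower():
                covered.append(canonicalize(*remaining.pop(i)))
                break
        else:
            covered.append("")  # nonexistent instance hashed as an empty field
    return covered


def sign(headers, h_tag):
    data = "\r\n".join(select_signed_headers(headers, h_tag)).encode()
    return hmac.new(SIGNER_KEY, data, hashlib.sha256).hexdigest()


def verify(headers, h_tag, signature):
    return hmac.compare_digest(sign(headers, h_tag), signature)


def displayed_from(headers):
    """The MUA behaviour described in the thread: show the first From field."""
    return next(v for n, v in headers if n.lower() == "from")


def rfc5322_single_from(headers):
    """Verifier-side check independent of the signature: RFC 5322 sec. 3.6
    permits exactly one From field per message."""
    return sum(1 for n, _ in headers if n.lower() == "from") == 1


def prepend_header(headers, name, value):
    return [(name, value)] + list(headers)


# Constructed sample message: the header block the phisher actually signs.
SIGNED_MESSAGE = [
    ("From", "info@phisher.com"),
    ("To", "victim@example.net"),
    ("Subject", "Your account"),
]
# The unsigned From added above the signed one after signing.
FORGED_FROM = ("From", "info@ebay.com")


def attack(h_tag):
    """Sign with the given h= tag, then prepend the forged From.
    Returns (what the MUA displays, whether the signature still verifies)."""
    sig = sign(SIGNED_MESSAGE, h_tag)
    mutated = prepend_header(SIGNED_MESSAGE, *FORGED_FROM)
    return displayed_from(mutated), verify(mutated, h_tag, sig)


if __name__ == "__main__":
    # h=from: the signature covers only the bottom From, so the extra one is
    # invisible to the verifier while the MUA shows info@ebay.com.
    print(attack("from:to:subject"))
    # h=from:from: the second "from" was hashed as empty at signing time and now
    # picks up info@ebay.com, so verification fails.
    print(attack("from:from:to:subject"))
    # The duplicate is also detectable without any signature at all.
    print(rfc5322_single_from(prepend_header(SIGNED_MESSAGE, *FORGED_FROM)))
```

The two runs of `attack` show why the thread's positions are compatible: with a single `from` in h= the verifier is right not to report a broken signature, because nothing it signed was altered; only a signer who lists From twice, or a verifier that checks the RFC 5322 field count, sees the second From at all.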