ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] detecting header mutations after signing

2010-10-13 15:13:26
from [MH Michael Hammer (5304)] [Permanent Link] 



-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-
bounces(_at_)mipassoc(_dot_)org] On Behalf Of Jeff Macdonald
Sent: Wednesday, October 13, 2010 3:59 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] detecting header mutations after signing

On Wed, Oct 13, 2010 at 2:47 PM, Scott Kitterman
<ietf-dkim(_at_)kitterman(_dot_)com> wrote:

On Wednesday, October 13, 2010 02:27:29 pm Jeff Macdonald wrote:

And even if there was a DKIM signature, it is the BAD GUY'S signature,
which should cause it to go into the SPAM folder, with a large
phishing warning.


No.  That misses the point entirely.  The problem here is that one can

take a

DKIM signed message that is signed by any entity and add additional
From/Subjects and the message may still appear to be the one signed by

the

original entity even though it's been modified post-signature.


Right. I had understood that and then forgot.

If DKIM is just viewed as providing an identifier and nothing more,
then this is a MUA problem.



What is the value of "an identifier" vs "a stable identifier"? IF all you are 
willing to say about "an identifier" is yep, that's mine and nothing else, what 
is the value to an evaluator if the message body and various headers can be 
modified? I've always viewed DKIM as weak rather than strong but this reduces 
it to the edge of meaningless.


If DKIM is viewed as providing more than an identifier, then this is a
DKIM problem.



This moves us in the direction of what is the use case for the identifier. I've 
said for a long time (from a phishing perspective) that if we let "bad" stuff 
(from a brand perspective) get to the enduser then it is game over (and yes, I 
realize that perfection is not necessarily achievable). This is why I am 
focused on the MTA rather than the MUA.

Having said that, if an MUA is going to present an indication of "DKIM PASS" to 
the enduser, then a reasonable person would expect some relationship between 
what is "passed" and what is presented to the enduser.

I understand the issues raised by Murray about the slippery slope. On the other 
hand, I would rather see an MUA present nothing about DKIM than give a false 
impression to endusers.

Mike

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Last call comment: Changing the g= definition, Barry Leiba
Next by Date:  Re: [ietf-dkim] What DKIM provides, again, Jeff Macdonald
Previous by Thread:  Re: [ietf-dkim] detecting header mutations after signing, Jeff Macdonald
Next by Thread:  Re: [ietf-dkim] detecting header mutations after signing, Mark Delany
Indexes:  [Date] [Thread] [Top] [All Lists]