Re: [ietf-dkim] detecting header mutations after signing

ietf-dkim

Re: [ietf-dkim] detecting header mutations after signing

2010-10-14 13:03:24

On 13/Oct/10 20:45, Scott Kitterman wrote:

On Wednesday, October 13, 2010 12:54:23 pm Murray S. Kucherawy wrote:

 If we can extract DKIM from the equation entirely and the problem remains,
 how is it a DKIM problem?


If the DKIM signature doesn't verify after signed headers have been altered,
then it's not.


Correct.  And the way that it fails to verify is h=from:from.

The only way that DKIM can consistently account for this exploit is by 
amending section 5.5 "Recommended Signature Content", and spell what 
fields MUST/SHOULD be duplicated in the h= tag.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] detecting header mutations after signing, (continued) Re: [ietf-dkim] detecting header mutations after signing, Murray S. Kucherawy Re: [ietf-dkim] detecting header mutations after signing, John R. Levine Re: [ietf-dkim] detecting header mutations after signing, Graham Murray [ietf-dkim] DKIM support in MUAs, Martijn Grooten Re: [ietf-dkim] detecting header mutations after signing, Michael Thomas Re: [ietf-dkim] detecting header mutations after signing, Hector Santos Re: [ietf-dkim] detecting header mutations after signing, Dave CROCKER Re: [ietf-dkim] detecting header mutations after signing, Scott Kitterman Re: [ietf-dkim] detecting header mutations after signing, Murray S. Kucherawy Re: [ietf-dkim] detecting header mutations after signing, Hector Santos Re: [ietf-dkim] detecting header mutations after signing, Alessandro Vesely <= Re: [ietf-dkim] detecting header mutations after signing, Mark Delany Re: [ietf-dkim] detecting header mutations after signing, Alessandro Vesely Re: [ietf-dkim] detecting header mutations after signing, Mark Delany Re: [ietf-dkim] detecting header mutations after signing, Dave CROCKER Re: [ietf-dkim] detecting header mutations after signing, Bill.Oxley Re: [ietf-dkim] detecting header mutations after signing, MH Michael Hammer (5304) Re: [ietf-dkim] detecting header mutations after signing, Steve Atkins Re: [ietf-dkim] detecting header mutations after signing, Murray S. Kucherawy Re: [ietf-dkim] detecting header mutations after signing, Rolf E. Sonneveld Re: [ietf-dkim] detecting header mutations after signing, Douglas Otis

Previous by Date:	Re: [ietf-dkim] layer violations, was detecting header mutations after signing, John R. Levine
Next by Date:	Re: [ietf-dkim] layer violations, was detecting header mutations after signing, Murray S. Kucherawy
Previous by Thread:	Re: [ietf-dkim] detecting header mutations after signing, Hector Santos
Next by Thread:	Re: [ietf-dkim] detecting header mutations after signing, Mark Delany
Indexes:	[Date] [Thread] [Top] [All Lists]