On Fri, 15 Oct 2010 17:47:24 +0100, Jim Fenton <fenton(_at_)cisco(_dot_)com>
wrote:
On 10/15/10 6:06 AM, Charles Lindsey wrote:
I don't quite see what an attacker can usefully do by modifying messages
in transit. If they message was already signed (say by ebay), then the
attacker must somehow get ebay to sign a message with a useful (to him)
text in its body. So what is the benefit to him of making it appear
From:
someone who is not Ebay (except maybe to ensure that replies get sent to
him - since I assume that MUAs that only display the first header will
also Reply-To that header)?
An attacker could compose a message from some other domain with a good
reputation, and add a From header indicating it's really authored by
someone at a different domain (say by ebay). Even if ebay has an ADSP
record, it's possible that the invisible (originally) From address
would be used to in the author signature check, which would pass.
Exactly so, but that does not involve any "modifying messages in transit",
and people seem to be fixated on "modifying in transit" and on "replay
attacks", whereas the nastiest scams do not, AFAICS, involve either of
those. That was why I asked the question, and I have not seen a really
satisfactory answer to it yet.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html