On Mon, 18 Oct 2010 21:19:18 +0100, Murray S. Kucherawy
<msk(_at_)cloudmark(_dot_)com> wrote:
> -----Original Message-----
> From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Charles Lindsey
> Sent: Monday, October 18, 2010 4:24 AM
> To: DKIM
> Subject: Re: [ietf-dkim] layer violations, was detecting header mutations after signing
>
> > > Irrelevant for the current discussion.
> >
> > On the contrary, that is precisely the attack of interest, so it is
> > supremely relevant. You claim it can be thwarted by other means, but have
> > failed to explain exactly how those "other means" would work.
>
> On the contrary, none of this is within the prescribed scope of DKIM.
> ADSP and reputation (the latter of which is explicitly out of scope) are
> predicated on DKIM's output, not part of its input or its mechanics.
> These topics are distractions from the effort of solidifying the DKIM
> specification for advancement along the standards track. That's what I
> believe he means by "irrelevant for the current discussion".
The scam I have described involves the use, by the phisher, of a
DKIM-signed (by himself) email with two From: headers, which is intended
to fool verifiers into not spotting that the first signature should have
triggered an ADSP lookup which would have revealed that the first From:
was 'discardable'.
Naturally, the phisher signs with a throwaway domain that has not yet
acquired any reputation, good or bad.
Since the scam involves the use of DKIM, and since the only fix I am aware
of requires a change to the DKIM standard, it is highly relevant to
the current discussion.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
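The double From: scam described in the message above, as an added example that is not part of the original post and not any DKIM implementation's code: a Python audit that counts From: fields and checks whether each DKIM-Signature's h= tag binds all of them, since a signer who lists "from" only once binds just the last From: field. It assumes a constructed sample message with placeholder domains (policy-domain.example, signer.example) and placeholder bh=/b= values; cryptographic verification of the signature is outside what it shows.

```python
"""Audit for the double-From: trick in the thread above (added example, not DKIM code).
DKIM takes the fields named in h= from the bottom of the header block up, so an
h= that names "from" once binds only the LAST From:; a verifier that treats the
signed From: as the ADSP domain is steered away from the first From: a reader
sees.  Fail the message if From: is not unique (RFC 5322) or not fully covered.
"""
import email
import re


def h_tag_fields(dkim_signature_value):
    """Lower-cased header names listed in the signature's h= tag."""
    flat = re.sub(r"\s+", "", dkim_signature_value)  # drop folding whitespace
    for tag in flat.split(";"):
        if tag.startswith("h="):
            return [name.lower() for name in tag[2:].split(":") if name]
    return []


def audit_from_coverage(raw_message):
    """Report From: uniqueness and whether each signature binds every From:."""
    msg = email.message_from_string(raw_message)
    from_count = len(msg.get_all("From") or [])
    # RFC 6376: naming "from" n times in h= binds the last n From: fields.
    signed = [h_tag_fields(s).count("from") for s in msg.get_all("DKIM-Signature") or []]
    return {
        "from_count": from_count,
        "from_signed": signed,
        "duplicate_from": from_count > 1,
        "covers_all_from": bool(signed) and all(n >= from_count for n in signed),
    }


# Constructed sample of the scam: the displayed From: sits above the signer's own,
# and h= names "from" once, so the signature covers only the lower From:.
DOUBLE_FROM = "\n".join([
    "DKIM-Signature: v=1; a=rsa-sha256; d=signer.example; s=sel; c=relaxed/simple;",
    "\th=from:subject:date; bh=BODYHASH-PLACEHOLDER; b=SIGNATURE-PLACEHOLDER",
    "From: Alerts <alerts@policy-domain.example>",
    "From: noreply@signer.example",
    "Subject: constructed sample",
    "Date: Mon, 18 Oct 2010 21:19:18 +0100",
    "", "(body omitted)",
])

# A well-formed message signed defensively: one From:, and "from" listed twice
# ("over-signing") so that any From: added after signing breaks the signature.
OVERSIGNED = DOUBLE_FROM.replace("From: Alerts <alerts@policy-domain.example>\n", "") \
                        .replace("h=from:subject", "h=from:from:subject")
```

Running `audit_from_coverage(DOUBLE_FROM)` flags both a duplicate From: and incomplete coverage, while the over-signed single-From: message passes both checks.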