
Re: [ietf-dkim] layer violations, was detecting header mutations after signing

2010-10-20 06:26:37
On Mon, 18 Oct 2010 21:19:18 +0100, Murray S. Kucherawy <msk(_at_)cloudmark(_dot_)com> wrote:

-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Charles Lindsey
Sent: Monday, October 18, 2010 4:24 AM
To: DKIM
Subject: Re: [ietf-dkim] layer violations, was detecting header mutations after signing

Irrelevant for the current discussion.

On the contrary, that is precisely the attack of interest, so it is
supremely relevant. You claim it can be thwarted by other means, but have
failed to explain exactly how those "other means" would work.

On the contrary, none of this is within the prescribed scope of DKIM.   
ADSP and reputation (the latter of which is explicitly out of scope) are  
predicated on DKIM's output, not part of its input or its mechanics.

These topics are distractions from the effort of solidifying the DKIM  
specification for advancement along the standards track.  That's what I  
believe he means by "irrelevant for the current discussion".

The scam I have described involves the use, by the phisher, of a  
DKIM-signed (by himself) email with two From: headers, which is intended  
to fool verifiers into not spotting that the first signature should have  
triggered an ADSP lookup which would have revealed that the first From:  
was 'discardable'.

Naturally, the phisher signs with a throwaway domain that has not yet  
acquired any reputation, good or bad.

Since the scam involves the use of DKIM, and since the only fix I am aware  
of requires a change to the DKIM standard, then it is highly relevant to  
the current discussion.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                          Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
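
A receiver-side check for the message shape described in the post above, as an added example that is not part of the original message or of any DKIM implementation. The sample message, its `.example` domains and the function names are constructed for illustration; the bottom-up selection of signed instances follows the DKIM rule for header fields listed in `h=`, and treating every From: domain as an ADSP lookup candidate is an assumed receiver policy.

```python
import email
from email.utils import parseaddr

# Constructed sample: two From: fields, one signature by a throwaway domain.
# bh= and b= are placeholders; no cryptographic verification is done here.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=throwaway.example; s=sel;\n"
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Support <support@bank.example>\n"
    "From: someone@throwaway.example\n"
    "To: victim@example.net\n"
    "Subject: Account notice\n"
    "\n"
    "body\n"
)

def dkim_tags(value):
    """Parse a DKIM-Signature value into a tag dict (all whitespace removed)."""
    tags = {}
    for part in "".join(value.split()).split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key] = val
    return tags

def check_from_fields(raw):
    """Report which From: instances a signature covers and which it does not."""
    msg = email.message_from_string(raw)
    froms = msg.get_all("From", [])  # header order, top to bottom
    domains = [parseaddr(f)[1].rpartition("@")[2].lower() for f in froms]
    tags = dkim_tags(msg.get("DKIM-Signature", ""))
    names = [h.lower() for h in tags.get("h", "").split(":")]
    n_signed = names.count("from")
    # Instances named in h= are taken from the bottom of the header block up,
    # so one "from" in h= covers only the last From: field.
    covered = domains[-n_signed:] if n_signed else []
    uncovered = domains[:max(len(domains) - n_signed, 0)]
    return {
        "single_from": len(froms) == 1,      # RFC 5322 allows exactly one
        "signing_domain": tags.get("d"),
        "covered_from": covered,
        "uncovered_from": uncovered,
        # Assumed policy: every author domain present is an ADSP candidate.
        "adsp_lookup_domains": sorted(set(domains)),
    }

if __name__ == "__main__":
    print(check_from_fields(SAMPLE))
```

A receiver can refuse any message where `single_from` is false before DKIM or ADSP results are consulted at all.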
