ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] layer violations, was detecting header mutations after signing

2010-10-21 10:20:36
from [Alessandro Vesely] [Permanent Link] 
On 20/Oct/10 19:48, Douglas Otis wrote:

On 10/20/10 7:27 AM, Alessandro Vesely wrote:

For example, the initial paragraph of section 5.4 could be
modified so as to read:

  The From header field MUST be signed; that is, it MUST be included
  at least once in the "h=" tag of the resulting DKIM-Signature
  header field, and SHOULD be included twice (see Section 8.14).  In
  addition, the signer MUST ensure that at most one instance of the
  From field actually exists in the header.

[...]
Verifiers would then discard any From field after the first one,
whether signed or not.


While this represents a defensive posture that might be used prior to
DKIM reliably returning PERMFAIL when multiple From header fields are
contained within the message,  it only thwarts half of the threat
created by multiple From header fields.   As both Charles and I have
illustrated:


     DKIM-Signature: d=Big-IPS.com; h=from; (supposedly)...

  From Accounts(_at_)Big-Bank(_dot_)com
  From Someone(_at_)Big-IPS(_dot_)com
Subject: Audit notification
<body of text saying anything>

This message could be sent directly, or distributed by replaying it to
millions of recipients.


In my hypothesis, a verifier would discard the 2nd "From 
Accounts(_at_)Big-Bank(_dot_)com", at least for hashing purposes.  If they were 
both signed, PERMFAIL would result from a mismatch in the header-hash. 
  If Big-Bank had been added after signing, verifiers are already 
authorized to delete that field from the message, according to the 
current PS.  Isn't that enough?

Further thwarts can be specified in some ADSPbis, eventually.  In 
particular:

   DKIM-Signature: d=Big-IPS.com; h=from; ...
   From: Someone(_at_)Big-IPS(_dot_)com, Accounts(_at_)Big-Bank(_dot_)com
   Subject: Audit notification
   ... (missing Sender)


Nothing Big-Bank.com might do with their signing mitigates this variant
of the double From header field attack.  The ONLY sure method is to
ensure DKIM always returns PERMFAIL when multiple From header fields are
detected, whether both or one of them are signed.


I don't think the spec should impose surplus security.  The minimal 
layer violation quoted above might be forgiven after considering the 
importance of the From field for DKIM.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] detecting header mutations after signing, Charles Lindsey
Next by Date:  Re: [ietf-dkim] I-D Action:draft-ietf-dkim-mailinglists-04.txt, J.D. Falk
Previous by Thread:  Re: [ietf-dkim] layer violations, was detecting header mutations after signing, Douglas Otis
Next by Thread:  Re: [ietf-dkim] layer violations, was detecting header mutations after signing, John R. Levine
Indexes:  [Date] [Thread] [Top] [All Lists]