ietf-dkim

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-30 05:08:35
On 28/Oct/10 03:36, Douglas Otis wrote:
> I'll repeat the example given previously.  The multiple listing of a
> header in the h= parameter cannot mitigate exploitation of DKIM PASS
> results where a valuable domain is prefixed to that of a large domain.
> The large domain is unlikely to be concerned by the possible presence of a
> prepended header field, given their decision not to include multiple
> listings for a message clearly not compliant with RFC 5322.  In other
> words, this leaves DKIM results open to exploitation.
>
> From: accounts@big-bank.com
> From: someone@big-isp.com
> DKIM-Signature: h=from, d=big-isp.com, ...

Besides RFC 5322 compliance, how is this different from a traditional
unsigned spoofed "From: accounts@big-bank.com"?  Having just a
signature doesn't mean much, and spelling out how to match signature and
From field is ADSP's job, even in corner cases.

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
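The mechanism the two messages above argue about, as an added example that is not part of the thread and not code from any DKIM implementation. The script applies the header-selection rule of RFC 4871/6376 section 5.4 (for each name in h=, take the bottom-most unused instance; a name with no instance left still binds its absence) to a constructed header block, once as big-isp.com signed it and once with an attacker's From: prepended. It hashes only the selected headers, omitting the body hash, the DKIM-Signature header and the actual key operation, since selection is the point in dispute. The canonicalization is a reduced relaxed mode, and `from_aligned` is a hypothetical stand-in for the kind of author-domain check the reply assigns to ADSP, not an ADSP implementation.

```python
import hashlib

# Constructed sample header blocks (not taken from the thread). SIGNED is what
# big-isp.com signed; SPOOFED is the same block after a second From: has been
# prepended, as in the example under discussion. Values keep the leading
# space they would carry on the wire.
SIGNED = [
    ("From", " someone@big-isp.com"),
    ("To", " victim@example.org"),
    ("Subject", " hello"),
]
SPOOFED = [("From", " accounts@big-bank.com")] + SIGNED


def select_headers(headers, h_tag):
    """Header selection as in RFC 4871/6376 section 5.4: for each name in
    h=, take the bottom-most instance not already used; a name with no
    instance left selects nothing, which still binds its absence."""
    used = set()
    selected = []
    for name in h_tag.split(":"):
        name = name.strip().lower()
        for i in range(len(headers) - 1, -1, -1):
            if i not in used and headers[i][0].lower() == name:
                used.add(i)
                selected.append(headers[i])
                break
        else:
            selected.append(None)  # no instance left: signs the absence
    return selected


def relaxed_canon(name, value):
    """Relaxed header canonicalization, reduced to what the demo needs:
    lowercase the name, unfold, collapse whitespace runs, trim."""
    v = " ".join(value.replace("\r\n", "").split())
    return f"{name.lower()}:{v}\r\n"


def header_hash(headers, h_tag):
    """Hash of the selected, canonicalized headers. A real signer also
    feeds the body hash and the DKIM-Signature header itself; they are
    omitted here because only header selection is at issue."""
    h = hashlib.sha256()
    for sel in select_headers(headers, h_tag):
        if sel is not None:
            h.update(relaxed_canon(*sel).encode())
    return h.hexdigest()


def signature_still_matches(h_tag):
    """Would the hash big-isp.com computed over SIGNED still verify once
    the attacker's From: is prepended? True means DKIM PASS survives."""
    return header_hash(SIGNED, h_tag) == header_hash(SPOOFED, h_tag)


def displayed_from(headers):
    """Many mail clients show the first From: in the block, i.e. the top one."""
    for name, value in headers:
        if name.lower() == "from":
            return value.strip()
    return None


def from_domains(headers):
    """Domains of every From: header (bare addr-spec form only, for the demo)."""
    return {v.strip().rsplit("@", 1)[1].lower()
            for n, v in headers if n.lower() == "from"}


def from_aligned(headers, signing_domain):
    """Hypothetical author-domain check of the kind the reply calls ADSP's
    job: every From: must be in the signing domain. Not an ADSP implementation."""
    return from_domains(headers) == {signing_domain.lower()}


if __name__ == "__main__":
    for h in ("from:to:subject", "from:from:to:subject"):
        print(f"h={h}: DKIM PASS survives a prepended From: "
              f"{signature_still_matches(h)}")
    print("client shows:", displayed_from(SPOOFED))
    print("From aligned with d=big-isp.com:",
          from_aligned(SPOOFED, "big-isp.com"))
```

With `h=from:to:subject` the signature still verifies after the prepend because the verifier selects the bottom From:, while the client displays the top one (the point made in the quoted text). Listing `from` twice binds the second slot as absent, so the prepend breaks verification. Independently of either choice, the d= domain never matched the displayed From:, which is the separate alignment check the reply is pointing at.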