On Wed, 06 Jul 2011 21:51:49 +0100, Hector Santos <hsantos(_at_)isdg(_dot_)net>
wrote:
> My only comment is that we are making way too much out of this.
>
> DKIM requires a From: hashing a minimum requirement and since RFC5322
> only one there are two basic fundamental rules, together called the
> One From DKIM Rule:
>
>    One From DKIM Rule:
>
>    Verify  - DKIM must only see one From when verifying. If multiple
>              From: headers are found, the message is automatically
>              invalid from a valid DKIM signature standpoint.
>
>    Signing - DKIM must only see one From when signing. If multiple
>              From: headers are found, the message is automatically
>              invalid for a DKIM signature standpoint. In other words,
>              it MUST NOT continue and sign the message.

I agree with the above entirely, and have proposed such wordings many
times. But unfortunately the consensus of the WG has been to not include
such wordings.

> Dealing with Exploits:
>
> For the most part, we are dealing with injection of additional From:
> header(s) in an already signed message. DKIM implementations
> following the One From DKIM Rule will mitigate this problem.

No, I think my first scenario, where the attacker signs on behalf of his
throwaway domain, will turn out to be the more common attack, if we do not
fix this problem.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
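
Added example, not part of the original message or of any DKIM implementation: a minimal sketch of the "One From DKIM Rule" quoted above, written as a gate that a signer or verifier could run before any hashing. The function names, the sample messages and all domains are constructed for illustration.

```python
import re

# RFC 5322 field name: printable ASCII except ":", optional WSP, then ":".
_FIELD = re.compile(rb"^([!-9;-~]+)[ \t]*:")

def header_field_names(raw: bytes) -> list:
    """Lower-cased field names of the header block, in order of appearance."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    names = []
    for line in re.split(rb"\r?\n", head):
        if line[:1] in (b" ", b"\t"):
            continue  # folded continuation line, not a new field
        m = _FIELD.match(line)
        if m:
            names.append(m.group(1).lower())
    return names

def one_from_rule(raw: bytes):
    """Gate to run before signing and before verifying: returns (ok, reason)."""
    n = header_field_names(raw).count(b"from")
    if n == 1:
        return True, "exactly one From: field"
    if n == 0:
        return False, "no From: field"
    return False, "%d From: fields, invalid for DKIM" % n

# Constructed sample messages (all domains are placeholders).
SINGLE = (b"From: alice@example.org\r\nTo: bob@example.net\r\n"
          b"Subject: hi\r\n\r\nbody\r\n")
# A second From: added in front of an already signed message.
INJECTED = b"From: ceo@example.com\r\n" + SINGLE
# Two From: fields signed by an unrelated domain; who signed does not matter.
OTHER_SIGNER = (b"DKIM-Signature: v=1; d=throwaway.example; h=from:to; b=PLACEHOLDER\r\n"
                b"FROM : ceo@example.com\r\nFrom: x@throwaway.example\r\n\r\nbody\r\n")
# "From:" inside a folded Subject and inside the body must not be counted.
FOLDED = (b"From: alice@example.org\r\nSubject: re\r\n From: not a field\r\n"
          b"\r\nFrom: body text\r\n")

if __name__ == "__main__":
    for name in ("SINGLE", "INJECTED", "OTHER_SIGNER", "FOLDED"):
        print(name, one_from_rule(globals()[name]))
```

The check counts header fields only, so it gives the same answer whether the extra From: was injected after signing or was present when a different domain signed the message.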