ietf-dkim

Re: [ietf-dkim] Doublefrom language should be in ADSP, not core

2011-07-10 05:18:09
-1

---
Sent from my mobile phone

On Jul 10, 2011, at 3:58 AM, "Michael Deutschmann" 
<michael(_at_)talamasca(_dot_)ocis(_dot_)net> wrote:

On Sun, 10 Jul 2011, Hector Santos wrote:
Now of course, if ADSP was a standard and whitehouse.com had an
exclusive signing policy, receivers would have rejected the junk
distributed by Dave's list server as an ADSP violation.  But ADSP is a
pipe dream.

The attack only matters if the user believes that forgery is impossible
because his ISP and the putative sender both "deploy ADSP" -- and thus the
fact that the message made it to his mailbox means it has to be validly
signed.  (Of course, such users are suckers for messages from "0bama"...)

Otherwise, "Obama" messages with an alternate From: (which the forger
hopes the MUA will ignore) and signature for that second From:, are no
more convincing than plain old forgeries with a single From: and no
signature at all.  In fact, they can be less effective, since:

1. At any step on the way, the message may be rejected as a protocol
violation.

2. The MUA might display to the user the From: instance that was
intended by the forger for the validator's eyes only.

3. The lazy validator might act on the From: instance that was intended
by the forger for the MUA to display.

Failures (from the forger's perspective) 1 and 2 produce a result less
convincing than a simple unsigned forgery.  Failure 3 produces a result
no more convincing than the simple unsigned forgery.

---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
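
The duplicate From: case discussed in the thread above, as an added example that is not part of the original messages: a receiver-side check that treats more than one From: field as a protocol violation and reports which instance each reader would act on. It assumes the validator takes the last From: instance (DKIM's bottom-up header selection) and the MUA shows the first; the sample message, its domains and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: two From: fields and a placeholder DKIM-Signature.
SAMPLE = (
    "From: Author <author@bank.example>\n"
    "From: Other <other@forger.example>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=forger.example; s=sel;\n"
    " h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def domain_of(from_value):
    """Return the lower-cased domain of the address in one From: value."""
    return parseaddr(from_value)[1].rpartition("@")[2].lower()

def signing_domain(msg):
    """Extract the d= tag from the first DKIM-Signature field, or None."""
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return None
    tags = dict(
        (k.strip(), v.strip())
        for k, _, v in (t.partition("=") for t in sig.split(";"))
        if k.strip()
    )
    return tags.get("d", "").lower() or None

def check_from(raw):
    """Report what a top-down and a bottom-up reader see, and a verdict."""
    msg = message_from_string(raw)
    froms = msg.get_all("From") or []
    report = {
        "from_count": len(froms),
        "top": domain_of(froms[0]) if froms else None,      # assumed MUA view
        "bottom": domain_of(froms[-1]) if froms else None,  # assumed validator view
        "d": signing_domain(msg),
    }
    # RFC 5322 permits exactly one From: field; anything else is rejected
    # before any signature or policy evaluation takes place.
    report["verdict"] = "accept" if len(froms) == 1 else "reject"
    return report
```

On the constructed sample the signature's d= matches only the bottom From: instance, while the top instance carries a different domain, which is why the check rejects on the field count alone rather than choosing one instance to trust.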