On Sun, 10 Jul 2011, Hector Santos wrote:
> Well, you have a point:
> DKIM has failed to address legacy spoofing problems.

That's not quite the point I intended to make.

I consider it faintly possible that a situation could arise where a lazy
validation module embedded in an MTA always checked the last of multiple
Froms:, while an MUA always displayed the first From: -- or vice versa.

But I find it very unlikely that a validation module embedded in the MUA
itself would be vulnerable. It might fail to notice double Froms:, but it
will validate the same one it shows the user. So it will either sound the
alarm, or say "correctly signed" while ignoring the address the forger
wanted the user to see, showing his own domain instead.

Now, unless the MTA is *so confident* that a signature should have been
there that it *refuses to deliver* suspect mail, its validator doesn't
have an effect on the end-user. And such confidence isn't likely without
use of a layered protocol, ADSP being the only one published yet.

Thus, if the user has no validator in his MUA, for now it's just as if DKIM
didn't exist. Doublefrom can't buy the forger anything more. If he does
have a validator in his MUA, then he is unlikely to be vulnerable.

(and that doesn't even consider all the fuss we've made here about this
angel on a pinhead...)

---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
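
A check for the first-From/last-From mismatch discussed in the message above, as an added example that is not part of the original post or of any DKIM implementation. The function names and the sample message are constructed for illustration; the check assumes the RFC 6376 rule that a header name listed once in h= covers only the last instance of that field.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: two From: fields, one signature listing "from" once.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=signer.example; s=sel;\r\n"
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "From: Shown First <alice@first.example>\r\n"
    "From: Listed Last <bob@signer.example>\r\n"
    "To: user@rcpt.example\r\n"
    "Subject: constructed test message\r\n"
    "\r\n"
    "body\r\n"
)


def signed_from_count(sig_value):
    """Times 'from' appears in the h= tag of one DKIM-Signature value."""
    tags = {}
    for part in sig_value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Drop folding whitespace; tag names stay case-sensitive.
            tags[name.strip()] = "".join(val.split())
    return [h.lower() for h in tags.get("h", "").split(":")].count("from")


def audit_from(raw):
    """Report what a first-From reader and a last-From reader would each see."""
    msg = message_from_string(raw)
    froms = [parseaddr(v)[1] for v in msg.get_all("From", [])]
    sigs = msg.get_all("DKIM-Signature", [])
    covered = max((signed_from_count(s) for s in sigs), default=0)
    return {
        "from_count": len(froms),
        "first": froms[0] if froms else None,   # what a first-From MUA shows
        "last": froms[-1] if froms else None,   # what a last-From validator checks
        "ambiguous": len(froms) != 1,           # more or fewer than one From:
        # h= lists "from" more often than it occurs: an added From: breaks the signature
        "oversigned": covered > len(froms),
        # at least one From: field is outside every signature's coverage
        "uncovered_from": bool(sigs) and covered < len(froms),
    }


if __name__ == "__main__":
    print(audit_from(SAMPLE))
```

A receiver that treats "ambiguous" as a failure, whichever From: its validator would have picked, removes the mismatch between what is validated and what is displayed.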