ietf-dkim

Re: [ietf-dkim] Mailsploit

2017-12-05 17:12:17
On 12/05/2017 03:52 PM, Pawel Lesnikowski wrote:
> encoded-words are simply not permitted inside email addresses. MUA shouldn't attempt to decode this at all.

Perhaps they shouldn't attempt to decode it per se.

I think they should attempt to detect the presence of invalid characters and act accordingly.

> Attempting to decode is the first problem, incorrectly handling null terminators and new lines is the second issue.

Okay.

> MUAs simply don't expect new lines and null terminators there.

Isn't expecting something unexpected a tenet of security?

I.e. code defensively.

> DKIM works as expected, but as you said it may reinforce an incorrect assumption that email is from a respected source.

:-/



--
Grant. . . .
unix || die


_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
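
One way to implement the "detect the presence of invalid characters and act accordingly" check discussed in this message, as an added example that is not part of the original thread. The function name `check_address` and its finding labels are hypothetical, the sample addresses are constructed, and decoding is done only to inspect the content, never to display it.

```python
import base64
import binascii
import quopri
import re

# RFC 2047 encoded-word: =?charset?B|Q?text?=
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=")
# NUL, CR, LF and the other C0 controls, plus DEL
CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def _decode(charset, enc, text):
    """Decode one encoded-word for inspection; return None if it cannot be decoded."""
    try:
        if enc.lower() == "b":
            raw = base64.b64decode(text + "=" * (-len(text) % 4))
        else:
            raw = quopri.decodestring(text.encode("ascii"), header=True)
        return raw.decode(charset, errors="replace")
    except (binascii.Error, LookupError, ValueError):
        return None


def check_address(addr_spec):
    """Return findings (hypothetical labels) for the address part of a From header."""
    findings = []
    if CONTROL.search(addr_spec):
        findings.append("raw-control-character")
    for charset, enc, text in ENCODED_WORD.findall(addr_spec):
        # Encoded-words are not permitted inside an address at all.
        findings.append("encoded-word-in-address")
        decoded = _decode(charset, enc, text)
        if decoded is None:
            findings.append("undecodable-encoded-word")
        elif CONTROL.search(decoded):
            findings.append("encoded-control-character")
    return findings


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the thread.
    samples = [
        "alice@example.org",
        "=?utf-8?Q?alice=40example.org=00?=@example.net",
        "=?utf-8?b?YQo=?=@example.net",
    ]
    for s in samples:
        print(repr(s), check_address(s) or "ok")
```

Any non-empty result means the address should be shown undecoded or flagged rather than rendered as a trusted sender.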