I reference draft-ietf-marid-core-02.txt, Section 6.3
Two wording points:
1) Section title
I find the section title
"Forged Resent-From Attacks"
misleading.
The Resent-From address in these attacks is not forged; it is valid.
It is the sender address/es (From:, Sender:) which may have been forged.
Maybe "Forged Sender Addresses" would be better?
2) The second para starts:
"In order to avoid this attack, MUAs will need to ..."
To me, this is not 'avoiding' the attack, this is 'assisting the user to detect
the attack'.
Using the provisions of Sender-ID there is no way the MTA or MUA can even detect
this attack, let alone defend against it or avoid it.
None of the technology involved has any idea which sender addresses may
legitimately be paired with any given Resent-From address.
This section should be re-worded to make it clear that it is only the end-user
who can detect the possibility of an attack and make any judgement about it.
HTH
Chris Haynes
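
Added example, not part of the original message or of the draft: a sketch of why a check on the selected responsible address says nothing about From: or Sender:, and what a MUA can at most surface to the user. The header precedence is an assumption, simplified from the later PRA definition in RFC 4407; the function names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed, simplified precedence (after RFC 4407); the draft's exact rules
# are not quoted in the message above.
PRA_ORDER = ("Resent-Sender", "Resent-From", "Sender", "From")

# Constructed sample: a valid Resent-From paired with an unrelated From.
SAMPLE = "\n".join([
    "Resent-From: Relay User <relay-user@forwarder.example>",
    "From: Accounts <accounts@bank.example>",
    "To: someone@recipient.example",
    "Subject: constructed sample",
    "",
    "body",
])


def _addresses(msg, header):
    """All addr-specs found in every occurrence of a header, lower-cased."""
    pairs = getaddresses(msg.get_all(header, []))
    return [addr.lower() for _, addr in pairs if addr]


def responsible_address(msg):
    """Return (header, address) for the first header in PRA_ORDER that has one."""
    for header in PRA_ORDER:
        addrs = _addresses(msg, header)
        if addrs:
            return header, addrs[0]
    return None, None


def unchecked_senders(msg):
    """Sender addresses that the domain check on the selected address never examined."""
    pra_header, pra = responsible_address(msg)
    unchecked = []
    for header in ("From", "Sender"):
        if header == pra_header:
            continue  # this header is the one that was checked
        for addr in _addresses(msg, header):
            if addr != pra:
                unchecked.append((header, addr))
    return pra_header, pra, unchecked


if __name__ == "__main__":
    header, addr, unchecked = unchecked_senders(message_from_string(SAMPLE))
    print(f"checked: {header} <{addr}>")
    for h, a in unchecked:
        print(f"not checked, display alongside: {h} <{a}>")
```

The code can list the unchecked addresses for display, but nothing in it can decide whether the pairing is legitimate.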