ietf-mxcomp

Re: Security issue: Minority installed base of compatible MUAs?

2004-08-09 22:22:29

At 05:56 PM 8/9/2004 +0100, Chris Haynes wrote:



"Rand Wacker" replied:


On Sat, 7 Aug 2004, Chris Haynes wrote:

The draft states that "in order to avoid this attack, MUAs will need to
start displaying at least the header that was verified".

My concern is the need for new MUA purchases.

Why can't the server-side check modify the message to display the results
in an MUA-compatible way similar to the way that SpamAssassin modifies
bodies and (optionally) headers today?

-Rand



Could you please supply an example of the modifications you propose in such a
way that:

1) It is displayable in Outlook Express

2) The display could not have been forged by the sender

I share Chris's concern.  Unless the PRA is displayed prominently to the user, 
the From address (when it isn't the PRA) can be anything it wants.

I'm not an OE user, but I'd suggest something like the following:

The MTA verifying the source of the email would rewrite the From line to 
something like:

From: {original From address} via {PRA address}

It would also copy the original From address into a newly-created header, 
perhaps Originally-From:

There needs to be a chain of trust between where the source of the email is 
verified and the recipient.  I believe that is needed whether you do the 
rewriting I'm describing or not.  If that chain of trust exists, the sender 
shouldn't be able to forge it.

-Jim
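
The rewrite proposed in the message above, sketched as an added example that is not part of the original post or of any draft: a verifying MTA replaces From with "{original From address} via {PRA address}" and keeps the original value in Originally-From. The function name `rewrite_from`, the sample message, the assumption that `pra` has already been verified by the MTA, and the step that discards any Originally-From header supplied by the sender are all assumptions of this sketch.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From differs from the address the MTA verified, and the
# sender has pre-supplied an Originally-From header of its own.
SAMPLE = (
    "Sender: mailer@bulk.example\n"
    "From: Example Bank <ceo@bank.example>\n"
    "Originally-From: forged@bank.example\n"
    "Subject: Statement\n"
    "\n"
    "Body text\n"
)

def rewrite_from(raw: str, pra: str) -> str:
    """Rewrite From as '<original address> via <PRA>' when the two differ.

    `pra` is assumed to be the address the MTA has already verified;
    working out and verifying the PRA is outside this sketch.
    """
    msg = message_from_string(raw)

    # Assumption beyond the post: remove every Originally-From that arrived
    # with the message, so the only copy a reader sees is the MTA's.
    del msg["Originally-From"]

    original = msg["From"]
    if original is None:
        return msg.as_string()          # nothing to rewrite

    orig_addr = parseaddr(original)[1]
    if orig_addr.lower() == pra.lower():
        return msg.as_string()          # From is the verified address

    # Keep the untouched original value, then make the verified address
    # visible in the one header every MUA already displays.
    msg["Originally-From"] = original
    msg.replace_header("From", f"{orig_addr} via {pra}")
    return msg.as_string()

if __name__ == "__main__":
    print(rewrite_from(SAMPLE, "mailer@bulk.example"))
```

The rewritten From value follows the literal format given in the message and is not a syntactically valid address list, so this only makes sense at the last trusted hop before the mailbox.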