On 6/3/2020 10:20 AM, Alessandro Vesely wrote:
On Wed 03/Jun/2020 18:43:16 +0200 Dave Crocker wrote:
On 6/3/2020 9:38 AM, Alessandro Vesely wrote:
MUAs should be discouraged from displaying or using Author:, unless
(verifiably) signed by a trusted domain or otherwise configured by the user.
Why?
That avoids the dreaded back-to-square-one path that Brandon conjectured. It
prevents attacks based on this field, while maintaining the DMARC paradigm.
The barrier you specified sounds reasonable. But it isn't.
Any signature put in place when the Author: field is created is likely
broken by the time it gets to the recipient. That's the entire problem
that necessitates rewriting the From: field.
We do not require 'signatures' on Subject: or the Body or Date:. This is
just one more field.
The concern about square one is misguided, apparently mostly because it
continues the erroneous belief that the validation work is done for the
end user, rather than the filtering engine. Besides that, it ignores the
fact that authentication mechanisms are presumably still in place.
Users are tricked by the content of the message, not by the From: (or
Author:) field.
On the other hand, a clean From: (or Author:) field enables consistent
MUA organizing of messages. Messing with the From: (or Author:) field
by intermediaries defeats that.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
