On Tue 21/May/2024 16:41:20 +0200 John Levine wrote:
> It appears that Alessandro Vesely <ves...@tana.it> said:
>> I'd be curious to learn why [John would certainly want the signature to
>> break if someone changed the Content-Type header on a message he sent]. A
>> mailing list might change it from
>>
>> Content-type: text/plain; charset=utf-8
>>
>> to
>>
>> Content-Type: text/plain; charset="utf-8"
>
> I have trouble imagining that many mailing lists would make that
> change and only that change and would otherwise leave the message
> untouched.

The other change they did, footer addition, can be easily undone. Guessing
whether the original C-T had quotes rather than us-ascii or what else would
require several attempts, which makes it not worth it.

> In any event, as we've now said several times, the Content-Type attack
> is specifically described in RFC 6376. I see that the perl and python
> DKIM modules sign the content-* headers by default.

That attack only works if there is l=, AFAIK.

I've seen several blogs recommending signing "technical" fields like
Content-Type, Content-Transfer-Encoding and even MIME-Version. I really don't
think this message would take on a different meaning if someone changed that to
be, say, MIME-Version: 1.5.
Best
Ale
--
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
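The thread turns on two questions a verifier-side engineer can check mechanically: does a Content-Type rewrite like the one quoted above survive DKIM's relaxed header canonicalization (so that a signature covering Content-Type would still verify), and does a given DKIM-Signature cover the "technical" headers and use the l= body-length limit that the RFC 6376 Content-Type attack relies on. The following Python is an added example, not code from the thread or from any DKIM module mentioned in it; it implements the relaxed header canonicalization rules of RFC 6376 section 3.4.2 and a small coverage audit of a DKIM-Signature tag list. All header and signature values are constructed, and the bh=/b= values are placeholders, not real hashes or signatures.

```python
import re

# Added example (not from the thread): RFC 6376 "relaxed" header
# canonicalization plus a coverage audit of a DKIM-Signature tag list.
# Everything here is self-contained; sample header values are constructed.

def relaxed_canon_header(field: str) -> str:
    """Canonicalize one header field per RFC 6376 section 3.4.2 (relaxed).

    Steps: lowercase the field name, unfold continuation lines, collapse
    runs of WSP to a single SP, strip WSP around the colon and at the end.
    It does NOT touch quoting or case inside the value, so charset=utf-8
    and charset="utf-8" remain distinct signed inputs.
    """
    name, _, value = field.partition(":")
    name = name.strip().lower()
    value = re.sub(r"\r?\n", "", value)          # unfold: drop CRLF, keep the WSP
    value = re.sub(r"[ \t]+", " ", value).strip()  # collapse WSP, trim ends
    return f"{name}:{value}"


def same_signed_input(field_a: str, field_b: str) -> bool:
    """True if both header fields canonicalize to the same bytes, i.e. a
    signature that covers field_a would still verify after a rewrite to
    field_b. False means the rewrite breaks the signature."""
    return relaxed_canon_header(field_a) == relaxed_canon_header(field_b)


def parse_dkim_tags(sig_value: str) -> dict:
    """Parse the tag=value list of a DKIM-Signature header value.
    Whitespace inside values (FWS in h=/b=/bh=) is removed."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" not in part:
            continue
        k, v = part.split("=", 1)
        tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags


TECHNICAL_HEADERS = ("content-type", "content-transfer-encoding", "mime-version")


def audit_signature(sig_value: str) -> dict:
    """Report which MIME 'technical' headers fall outside h= and whether the
    signature uses the l= body-length limit. The Content-Type attack in
    RFC 6376's security considerations needs l= together with an unsigned
    Content-Type, which is what l_without_content_type flags."""
    tags = parse_dkim_tags(sig_value)
    signed = {h.strip().lower() for h in tags.get("h", "").split(":") if h.strip()}
    return {
        "unsigned_technical": [h for h in TECHNICAL_HEADERS if h not in signed],
        "body_length_limited": "l" in tags,
        "l_without_content_type": "l" in tags and "content-type" not in signed,
    }


if __name__ == "__main__":
    # Constructed header variants matching the thread's discussion.
    original = "Content-type: text/plain; charset=utf-8"
    requoted = 'Content-Type: text/plain; charset="utf-8"'
    refolded = "Content-Type:  text/plain;\r\n\tcharset=utf-8"
    print(same_signed_input(original, refolded))  # case/folding only: still verifies
    print(same_signed_input(original, requoted))  # quotes added: signature breaks

    # Constructed DKIM-Signature values (bh=/b= are placeholders, not real).
    weak = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel; "
            "h=from:to:subject:date; l=1234; bh=PLACEHOLDER=; b=PLACEHOLDER=")
    strong = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel; "
              "h=from:to:subject:date:content-type:content-transfer-encoding:"
              "mime-version; bh=PLACEHOLDER=; b=PLACEHOLDER=")
    print(audit_signature(weak))
    print(audit_signature(strong))
```

The canonicalization result backs the point made in the quoted exchange: relaxed canonicalization only normalizes case of the field name, folding and whitespace, so a list that merely refolds or re-cases Content-Type leaves a signature intact, while adding quotes around the charset changes the signed bytes. The audit side gives a verifier or mail administrator a quick way to tell whether a signature's h= list leaves Content-Type unsigned while l= is present, the combination the RFC's Content-Type attack depends on.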