On Wed, 20 May 2009 17:55:53 +0100, Dave CROCKER <d...@dcrocker.net> wrote:
> Steve Atkins wrote:
>> It means that I can, for example, take one copy of a service notice
>> from my bank, leave the headers the same and replace the URLs
>> in the body of the message to links to my website, then send it
>> out to a hundred thousand people - and it would be validly signed
>> by the bank. (The only user-visible content I wouldn't be able to
>> change is the subject line).
>
> This sounds like a plausible and serious scenario. Even with l>0, it
> suggests a line of attack -- by adding malicious text that appears to
> be part of the bank notice.

Only if the bank was stupid enough to sign with l=0 in the first place.
Clearly people who know they are phishing targets will not have l= tags
at all. But the vast majority of email senders are not phishing targets.

> What is the counter-argument, in favor of retaining l= ?

l=0 might be appropriate for Usenet control messages, where the important
information is entirely in the headers. Even if l=<length of message> were
used it would help, since currently the commonest cause of Usenet control
message failures is extra white lines tagged on the end in transit.

l=0 would also be appropriate when other precautions were being taken to
authenticate the body (e.g. Content-MD5, where the Content-MD5 header
itself was included in the signature).

And l=<actual message length> is always suitable when the end of the
message is marked clearly in some other way, so that an addition is
immediately seen as such.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131   Web: http://www.cs.man.ac.uk/~chl
Email: ...@clerew.man.ac.uk   snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9   Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
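
An added example, not part of the original message or of any DKIM implementation: a minimal Python sketch of the RFC 6376 body hash ("simple" canonicalization, SHA-256) showing how the l= tag discussed in this thread limits what the signature covers, and how a verifier can count the octets left unsigned. The function names and sample bodies are constructed for illustration.

```python
import base64
import hashlib
import re

def canon_simple(body: bytes) -> bytes:
    """RFC 6376 "simple" body canonicalization: strip trailing empty
    lines, then end the body with exactly one CRLF."""
    return re.sub(rb"(\r\n)+\Z", b"", body) + b"\r\n"

def body_hash(body: bytes, l=None) -> str:
    """bh= value: SHA-256 over the canonical body, cut to l octets when
    the signature carries an l= tag."""
    canon = canon_simple(body)
    if l is not None:
        if l > len(canon):
            raise ValueError("l= larger than the body: verification must fail")
        canon = canon[:l]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def unsigned_octets(body: bytes, l=None) -> int:
    """Canonical body octets that the signature does not cover."""
    return 0 if l is None else max(len(canon_simple(body)) - l, 0)

# Constructed sample bodies (not real mail).
NOTICE = b"Your statement is ready.\r\n"
APPENDED = b"[constructed text added after signing]\r\n"
L_FULL = len(canon_simple(NOTICE))

if __name__ == "__main__":
    received = NOTICE + APPENDED
    for label, l in (("no l=", None), ("l=<length>", L_FULL), ("l=0", 0)):
        ok = body_hash(received, l) == body_hash(NOTICE, l)
        print(f"{label:11} bh matches: {ok}  unsigned octets: "
              f"{unsigned_octets(received, l)}")
```

A verifier that reports a non-zero `unsigned_octets` result can treat that part of the body as unauthenticated even though the signature itself validates.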