On Fri, 08 Oct 2010 18:25:40 +0100, Wietse Venema <wie...@porcupine.org> wrote:
> If I understand things correctly, the solution is already available
> in DKIM today. It involves signer configuration (sign for N+1
> instances of each header that is covered by the signature) and
> requires no change in protocol or semantics. It merely hardens the
> DKIM signature and I see nothing wrong with doing so.
>
> If I am mistaken then please correct me.

You are indeed mistaken. All you have ensured is that any message signed (say by ebay) is proof against replay attacks that add additional headers.

But the scam we are considering does not involve replay attacks at all. It involves a message created and signed by the scammer using his own key. Naturally, scammers feel no obligation to follow advice or requirements in standards, so they will sign just one instance of the two headers.

The ONLY way to defeat this scam is for the Verifier to count the headers itself. And the threat is serious enough that the counting has to be a MUST.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: ...@clerew.man.ac.uk
snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
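
An added example, not part of the original message: a Verifier-side header count as the reply calls for, shown next to the signer's N+1 listing described in the quoted text. The sample messages, the domains and the chosen list of single-instance headers are constructed assumptions, and the cryptographic signature check itself is not performed.

```python
from collections import Counter
from email import message_from_string

# Header fields RFC 5322 section 3.6 permits at most once (subset for this example).
SINGLETON = {"from", "sender", "reply-to", "to", "cc", "subject", "date", "message-id"}

def signed_counts(msg):
    """Count how many instances of each header the DKIM-Signature h= tag lists."""
    tags = {}
    for tag in (msg.get("DKIM-Signature") or "").split(";"):
        if "=" in tag:
            name, value = tag.split("=", 1)
            tags[name.strip()] = value.strip()
    return Counter(n.strip().lower() for n in tags.get("h", "").split(":") if n.strip())

def duplicate_singletons(raw):
    """Verifier-side count: single-instance headers that occur more than once."""
    present = Counter(k.lower() for k in message_from_string(raw).keys())
    return sorted(h for h in SINGLETON if present[h] > 1)

def oversigned(raw):
    """Signer-side hardening: headers listed in h= more often than they occur."""
    msg = message_from_string(raw)
    present = Counter(k.lower() for k in msg.keys())
    return sorted(h for h, n in signed_counts(msg).items() if n > present[h])

# Constructed sample: the signer lists From and Subject N+1 times.
HARDENED = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=shop.example; s=s1;\n"
    " h=from:from:subject:subject:date; bh=CONSTRUCTED; b=CONSTRUCTED\n"
    "From: billing@shop.example\nSubject: Your invoice\n"
    "Date: Fri, 08 Oct 2010 18:00:00 +0100\n\nbody\n"
)
# Constructed sample: signed with the sender's own key, From listed once, two From headers.
SELF_SIGNED = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=other.example; s=s1;\n"
    " h=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED\n"
    "From: someone@other.example\nFrom: billing@shop.example\n"
    "Subject: Your invoice\n\nbody\n"
)

if __name__ == "__main__":
    for label, raw in (("hardened", HARDENED), ("self-signed", SELF_SIGNED)):
        print(label, "duplicates:", duplicate_singletons(raw), "oversigned:", oversigned(raw))
```

Nothing in the second message's `h=` tag reveals the extra From header, so only the Verifier's own count reports it.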