Charles Lindsey:
> On Fri, 08 Oct 2010 18:25:40 +0100, Wietse Venema <wie...@porcupine.org>
> wrote:
>
> > If I understand things correctly, the solution is already available
> > in DKIM today. It involves signer configuration (sign for N+1
> > instances of each header that is covered by the signature) and
> > requires no change in protocol or semantics. It merely hardens the
> > DKIM signature and I see nothing wrong with doing so.
> >
> > If I am mistaken then please correct me.
>
> You are indeed mistaken.
>
> All you have ensured is that any message signed (say by ebay) is proof
> against reply attacks that add additional headers.
>
> But the scam we are considering does not involve replay attacks at all. It
> involves a message created and signed by the scammer using his own key.

Please read my entire response carefully before responding.

The above detects the case where a bad guy adds a forged header to a DKIM-signed message, in the hope that naive mail programs will render their forged header with an indication that THE GOOD GUY'S DKIM SIGNATURE VERIFIED.

When the bad guy sends mail with (multiple) forged headers, the best they can get is that naive mail programs render their forged header with an indication that THE BAD GUY'S DKIM SIGNATURE VERIFIED.

Sending forged headers with bad guy's DKIM signatures is not an interesting attack on DKIM.

Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
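The "sign for N+1 instances" hardening discussed in this thread, as an added example that is not part of the original messages. It models only the RFC 6376 header selection that feeds the signature hash (names in h= are matched bottom-up, and a name with no remaining instance contributes nothing); the RSA signature, the body hash and the DKIM-Signature header itself are left out, and the addresses and helper names are constructed for illustration.

```python
import hashlib

def relaxed(name, value):
    # Relaxed header canonicalization (RFC 6376 section 3.4.2), simplified:
    # lowercase the name, collapse whitespace runs in the value.
    return f"{name.lower().strip()}:{' '.join(value.split())}\r\n"

def select_headers(headers, h_tag):
    """headers: (name, value) pairs, top of the message first.
    Each name in h= consumes the next unused instance counting from the
    bottom of the header block; a missing instance is the null string."""
    remaining = {}
    for name, value in headers:
        remaining.setdefault(name.lower(), []).append((name, value))
    selected = []
    for name in h_tag.split(":"):
        stack = remaining.get(name.strip().lower(), [])
        if stack:
            selected.append(relaxed(*stack.pop()))  # bottom-most unused instance
    return selected

def header_digest(headers, h_tag):
    data = "".join(select_headers(headers, h_tag)).encode()
    return hashlib.sha256(data).hexdigest()

# Constructed sample: the message as signed, and the same message after a
# forged From: header was prepended in transit.
SIGNED = [("From", "Good Guy <billing@good.example>"),
          ("Subject", "Your invoice")]
TAMPERED = [("From", "Forged <ceo@other.example>")] + SIGNED

def survives_added_header(h_tag):
    """True if the original signature's header hash still matches after
    the forged header was added, i.e. the verifier would not notice."""
    return header_digest(SIGNED, h_tag) == header_digest(TAMPERED, h_tag)

if __name__ == "__main__":
    for h in ("from:subject", "from:from:subject:subject"):
        state = "still verifies" if survives_added_header(h) else "breaks"
        print(f"h={h}: signature {state} after forged From: is added")
```

With h=from:subject the forged header is never hashed, so the good signer's signature still matches; listing each name one extra time makes the added instance part of the hash input and the signature fails.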