On Wednesday, October 13, 2010 12:54:23 pm Murray S. Kucherawy wrote:
> > -----Original Message-----
> > From: ietf-dkim-boun...@mipassoc.org
> > [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Charles Lindsey
> > Sent: Wednesday, October 13, 2010 9:12 AM
> > To: DKIM
> > Subject: Re: [ietf-dkim] detecting header mutations after signing
> >
> > The bad guy (the phisher) provides two From headers, but only signs one
> > which, as DKIM is currently defined, has to be the second one.
> >
> > His two headers are:
> > From: i...@ebay.com
> > From: i...@phisher.com
> >
> > BUT many/most MUAs currently display only the first From header if two
> > are provided. There is no reason why the verifier at the boundary should
> > report an invalid signature, so the message gets through to the intended
> > victim who just sees what his MUA shows him, which apparently is a
> > message from the genuine ebay address.
>
> This is true if the message is not DKIM-signed at all. The rendering
> choice you're highlighting here already exists in many/most MUAs.
>
> If we can extract DKIM from the equation entirely and the problem remains,
> how is it a DKIM problem?
If the DKIM signature doesn't verify after signed headers have been altered, then it's not.

Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
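The two-From-header case discussed in this thread, as an added Python example that is not from the thread or from any DKIM implementation: it implements the bottom-up header selection DKIM specifies (RFC 6376 section 5.4.2), substitutes a toy HMAC for the RSA signature, and shows that a verifier still accepts the message with an injected From when From is signed once, but rejects it when From is over-signed (listed twice in h=). The addresses and the key are constructed placeholders, and the duplicate-singleton check is an extra verifier-side heuristic, not part of DKIM.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # stand-in for the signer's RSA key (assumption)

def select_headers(headers, h_tag):
    """RFC 6376 5.4.2 selection: for each name in h=, take the last
    not-yet-used instance, scanning bottom-up; if none is left, an empty
    value is signed. That empty slot is what makes over-signing work."""
    remaining = list(headers)
    selected = []
    for name in h_tag.split(":"):
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.lower():
                selected.append(remaining.pop(i))
                break
        else:
            selected.append((name, ""))  # over-signed slot: nothing to take
    return selected

def sign(headers, h_tag):
    """Toy signature over the selected headers (HMAC instead of RSA)."""
    data = "\r\n".join(f"{n}:{v}" for n, v in select_headers(headers, h_tag))
    return hmac.new(SECRET, data.encode(), hashlib.sha256).hexdigest()

def verify(headers, h_tag, sig):
    return hmac.compare_digest(sign(headers, h_tag), sig)

def duplicated_singletons(headers):
    """Verifier-side check: header names RFC 5322 allows at most once."""
    singles = {"from", "date", "subject", "to", "cc", "sender", "reply-to", "message-id"}
    counts = {}
    for n, _ in headers:
        counts[n.lower()] = counts.get(n.lower(), 0) + 1
    return sorted(n for n, c in counts.items() if n in singles and c > 1)

# Constructed message: the signer's own From is the lower one (the one DKIM
# signs); the copy injected above it is the one many MUAs render.
ORIGINAL = [("From", " info@phisher.example"), ("Subject", " hi"),
            ("To", " victim@example.com")]
MUTATED = [("From", " info@ebay.example")] + ORIGINAL

def demo():
    weak = sign(ORIGINAL, "from:subject:to")         # From signed once
    strong = sign(ORIGINAL, "from:from:subject:to")  # From over-signed
    return {
        "weak_still_verifies": verify(MUTATED, "from:subject:to", weak),
        "oversigned_verifies": verify(MUTATED, "from:from:subject:to", strong),
        "duplicates": duplicated_singletons(MUTATED),
    }
```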