On Mon, 18 Oct 2010 21:19:18 +0100, Murray S. Kucherawy <m...@cloudmark.com> wrote:
>> -----Original Message-----
>> From: ietf-dkim-boun...@mipassoc.org
>> [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Charles Lindsey
>> Sent: Monday, October 18, 2010 4:24 AM
>> To: DKIM
>> Subject: Re: [ietf-dkim] layer violations, was detecting header
>> mutations after signing
>>
>> > Irrelevant for the current discussion.
>>
>> On the contrary, that is precisely the attack of interest, so it is
>> supremely relevant. You claim it can be thwarted by other means, but
>> have failed to explain exactly how those "other means" would work.
>
> On the contrary, none of this is within the prescribed scope of DKIM.
> ADSP and reputation (the latter of which is explicitly out of scope) are
> predicated on DKIM's output, not part of its input or its mechanics.
>
> These topics are distractions from the effort of solidifying the DKIM
> specification for advancement along the standards track. That's what I
> believe he means by "irrelevant for the current discussion".

The scam I have described involves the use, by the phisher, of a DKIM-signed (by himself) email with two From: headers, which is intended to fool verifiers into not spotting that the first signature should have triggered an ADSP lookup which would have revealed that the first From: was 'discardable'.

Naturally, the phisher signs with a throwaway domain that has not yet acquired any reputation, good or bad.

Since the scam involves the use of DKIM, and since the only fix I am aware of requires a change to the DKIM standard, then it is highly relevant to the current discussion.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: ...@clerew.man.ac.uk
snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9
Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
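The two-From: construction described in the message above, as an added example that is not code from the thread, from any of its participants, or from any DKIM implementation: it applies the header-selection rule of RFC 4871 section 5.4.2 (unchanged in RFC 6376) to a constructed two-From: message, shows that a signature whose h= names "from" once covers only the bottom From: while a typical MUA displays the top one, and then adds the verifier-side check that refuses to draw an author-domain conclusion from such a message. The sample message, the domains throwaway.example and bank.example, the placeholder bh=/b= values and the verdict strings are all assumptions; the cryptographic check of b= and the ADSP DNS lookup itself are not performed here.

```python
# Added example (not from the thread or any DKIM library): how a DKIM
# signature selects From: when duplicates are present, and the verifier-side
# check. b=/bh= verification and the ADSP DNS lookup are assumed elsewhere.
import email
import re
from email.utils import parseaddr
from typing import Dict, List, Optional, Tuple

Header = Tuple[str, str]

# Constructed sample in the shape of the scam: two From: fields and a
# signature by the phisher's own domain whose h= lists "from" once.
# bh= and b= are placeholders, not real hashes or signatures.
PHISH = """\
DKIM-Signature: v=1; a=rsa-sha256; d=throwaway.example; s=sel;
 h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER
From: Big Bank <security@bank.example>
To: victim@mail.example
Subject: Urgent: verify your account
Date: Mon, 18 Oct 2010 12:00:00 +0100
From: noreply@throwaway.example

Please confirm your details at the link below.
"""
# The same message without the spoofed top From: (a well-formed mail).
HONEST = PHISH.replace("From: Big Bank <security@bank.example>\n", "", 1)


def headers_of(raw: str) -> List[Header]:
    """All header fields, duplicates included, top to bottom."""
    return [(n, str(v)) for n, v in email.message_from_string(raw).items()]


def parse_tags(sig_value: str) -> Dict[str, str]:
    """Split a DKIM-Signature value into tag=value pairs, dropping FWS."""
    tags: Dict[str, str] = {}
    for part in sig_value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags


def select_signed_headers(headers: List[Header], h_tag: str) -> List[Tuple[str, Optional[str]]]:
    """RFC 4871/6376 s5.4.2: each name in h= consumes the lowest (last) still
    unconsumed instance of that field; a name with nothing left is hashed as
    nonexistent (None). Repeating a name beyond its count ("oversigning")
    makes a From: added after signing break the signature."""
    consumed = [False] * len(headers)
    selected: List[Tuple[str, Optional[str]]] = []
    for name in h_tag.split(":"):
        name = name.strip().lower()
        hit = next((i for i in range(len(headers) - 1, -1, -1)
                    if not consumed[i] and headers[i][0].lower() == name), None)
        if hit is None:
            selected.append((name, None))
        else:
            consumed[hit] = True
            selected.append((name, headers[hit][1]))
    return selected


def domain_of(from_value: str) -> str:
    return parseaddr(from_value)[1].rpartition("@")[2].lower()


def displayed_author_domain(headers: List[Header]) -> Optional[str]:
    """What a typical MUA shows the user: the first From: from the top."""
    return next((domain_of(v) for n, v in headers if n.lower() == "from"), None)


def signed_author_domain(headers: List[Header], h_tag: str) -> Optional[str]:
    """The From: the signature actually covers: the last one from the bottom."""
    return next((domain_of(v) for n, v in select_signed_headers(headers, h_tag)
                 if n == "from" and v is not None), None)


def verify(raw: str, reject_duplicate_from: bool) -> Dict[str, object]:
    """Author-domain step of a verifier. With reject_duplicate_from=False it
    trusts whatever From: the signature covers (the scam's target); with True
    it first insists on exactly one From:, as RFC 5322 requires."""
    headers = headers_of(raw)
    tags = parse_tags(next(v for n, v in headers if n.lower() == "dkim-signature"))
    from_count = sum(1 for n, _ in headers if n.lower() == "from")
    signed = signed_author_domain(headers, tags["h"])
    if reject_duplicate_from and from_count != 1:
        verdict = "reject"       # signed From: says nothing about what is shown
    elif signed == tags["d"]:
        verdict = "aligned"      # author domain signed for itself; no ADSP lookup
    else:
        verdict = "adsp-lookup"  # caller must query ADSP for the signed domain
    return {"displayed": displayed_author_domain(headers), "signed": signed,
            "from_count": from_count, "verdict": verdict}


if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("honest", HONEST)):
        print(label, "naive:", verify(raw, False))
        print(label, "hardened:", verify(raw, True))
```

On the constructed message, `verify(PHISH, False)` reports the signed From: as throwaway.example, aligned with d=, so no ADSP lookup for bank.example ever happens, while `displayed` is bank.example; `verify(PHISH, True)` refuses to conclude anything because two From: fields are present. Rejecting on a duplicate From: is one choice for the verifier; running the ADSP lookup for every From: domain found in the message is the other, and either requires the verifier to look at all From: instances rather than only the signed one.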