> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of Charles Lindsey
> Sent: Thursday, October 07, 2010 3:29 AM
> To: DKIM
> Subject: Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple
> 5
KIM
>> Subject: Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with
>> Multiple 5322.From
>>
>> And note that pious exhortations to ensure that RFC5322 be followed, or
>> that MUAs should be fixed to solve this problem, are no solution. We
>> live
>>
> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of Charles Lindsey
> Sent: Wednesday, October 06, 2010 3:47 AM
> To: DKIM
> Subject: Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple
> 53
On Mon, 04 Oct 2010 23:24:11 +0100, Hector Santos wrote:
> I propose the following addition text by adding to 48721bis to address
> this serious issue;
>
>Special Consideration for Verifying and Signing From: Header
>
>As an exception, header hash verification MUST be done for all
>53
t;> Subject: Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple
>> 5322.From
>>
>> Nack. DKIM also purports to provide assurance that the signed content
>> of the message is unmodified. I think mentioning that all instances of
>> a header that is sign
Hector Santos wrote:
> Julian Mehnle wrote:
>
> > I interpret RFC 4871, section 5.4 (actually, exactly the part you
> > quoted originally), such that signing a message that has a dingle
> > From field with h=From:From ensures that adding another From field
> > will break the signature. If you're
Julian Mehnle wrote:
> Hector Santos wrote:
>
>> Julian Mehnle wrote:
>>
>>> The trick is to list From twice in h=. This ensures more From headers
>>> cannot be added without breaking the signature.
>>
>> Julian, this was explored and it does not matter. You can add N
>> number of h=from: and N
>> It has been observed by implementations that is it possible to replay
>> a message with a 2nd 5322.From header at the top ...
A thing with two From: headers isn't a valid RFC 5322 message.
You may recall a lengthy argument about what to do with messages with
bare carriage returns, with the fin
> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of Scott Kitterman
> Sent: Tuesday, October 05, 2010 12:24 PM
> To: ietf-dkim@mipassoc.org
> Subject: Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole wit
"Dave CROCKER" wrote:
>
>
>On 10/5/2010 8:15 AM, Ian Eiloart wrote:
>>> It has been observed by implementations that is it possible to replay
>>> > a message with a 2nd 5322.From header at the top which wouldn't break
>>> > the DKIM signature validity, but would often be displayed by MUAs to
>
-dkim] ISSUE: 4871bis - Security Loop hole with
Multiple
> 5322.From
>
>
>
> On 10/5/2010 8:15 AM, Ian Eiloart wrote:
> >> It has been observed by implementations that is it possible to
replay
> >> > a message with a 2nd 5322.From header at the top which wouldn
Please don't CC me. I'm subscribed to the list.
Hector Santos wrote:
> Julian Mehnle wrote:
>
> > The trick is to list From twice in h=. This ensures more From headers
> > cannot be added without breaking the signature.
>
> Julian, this was explored and it does not matter. You can add N
> numb
> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of Julian Mehnle
> Sent: Tuesday, October 05, 2010 9:28 AM
> To: ietf-dkim@mipassoc.org
> Subject: Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Mul
Murray S. Kucherawy wrote:
> But the attacker in this scenario is already the signer (or has
> compromised the signer), so he/she will just sign the single From:.
If the attacker is the signer, they can just as well resign many times.
I don't think that's the scenario that Hector meant, though.
Ian Eiloart wrote:
>
>
> --On 4 October 2010 18:24:11 -0400 Hector Santos wrote:
>
>> It has been observed by implementations that is it possible to replay
>> a message with a 2nd 5322.From header at the top which wouldn't break
>> the DKIM signature validity, but would often be displayed by MU
> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of Julian Mehnle
> Sent: Tuesday, October 05, 2010 7:27 AM
> To: ietf-dkim@mipassoc.org
> Subject: Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Mul
On 10/5/10 8:45 AM, Dave CROCKER wrote:
> At a deeper level, there is a continuing problem with casting DKIM as a
> mechanism to "protect" a message. That's something that OpenPGP and S/Mime
> do;
> it's not something DKIM does. DKIM merely tries to do enough to ensure that
> the
> d= is vali
Julian Mehnle wrote:
> Hector Santos wrote:
>
>> It has been observed by implementations that is it possible to replay
>> a message with a 2nd 5322.From header at the top which wouldn't break
>> the DKIM signature validity, but would often be displayed by MUAs to
>> display the new 5322.From displ
Murray S. Kucherawy wrote:
>> Ouch. That's nasty. But wouldn't it be better to advise MUA vendors to
>> display the signed header? Are there really MUA's that will display the
>> unsigned headers *and* assert that it was validated? If so, that's
>> surely a bug in the implementation of the MUA.
>
Hector Santos wrote:
> It has been observed by implementations that is it possible to replay
> a message with a 2nd 5322.From header at the top which wouldn't break
> the DKIM signature validity, but would often be displayed by MUAs to
> display the new 5322.From display rather than the signature
Dave CROCKER wrote:
>> Ian Eiloart wrote:
>>
>> Ouch. That's nasty. But wouldn't it be better to advise MUA vendors to
>> display the signed header? Are there really MUA's that will display the
>> unsigned headers*and* assert that it was validated? If so, that's
>> surely a bug in the implementa
ber 05, 2010 5:15 AM
> To: Hector Santos; ietf-dkim@mipassoc.org
> Cc: Tim Polk
> Subject: Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple
> 5322.From
>
> > It has been observed by implementations that is it possible to replay
> > a message with a 2n
On 10/5/2010 8:15 AM, Ian Eiloart wrote:
>> It has been observed by implementations that is it possible to replay
>> > a message with a 2nd 5322.From header at the top which wouldn't break
>> > the DKIM signature validity, but would often be displayed by MUAs to
>> > display the new 5322.From
--On 4 October 2010 18:24:11 -0400 Hector Santos wrote:
> It has been observed by implementations that is it possible to replay
> a message with a 2nd 5322.From header at the top which wouldn't break
> the DKIM signature validity, but would often be displayed by MUAs to
> display the new 5322.F
It has been observed by implementations that is it possible to replay
a message with a 2nd 5322.From header at the top which wouldn't break
the DKIM signature validity, but would often be displayed by MUAs to
display the new 5322.From display rather than the signature bound
5322.From header.
F
25 matches
Mail list logo