[ietf-dkim] Use of "sender" in -base
Paul Hoffman
phoffman at proper.com
Thu Jun 8 10:00:46 PDT 2006
At 8:43 AM -0700 6/8/06, Dave Crocker wrote:
>> 3.4.5 Body Length Limits
>>
>...
>>
>> INFORMATIVE IMPLEMENTATION NOTE: Body length limits could be useful in
>> increasing signature robustness when sending to a mailing list that both
>> appends to content sent to it and does not sign its messages. However, using
>> such limits enables an attack in which a sender with malicious intent
>> modifies a message to include content that solely benefits the attacker. It
>> is possible for the appended content to completely replace the original
>> content in the end recipient's eyes and to defeat duplicate message detection
>> algorithms. To avoid this attack, signers should be wary of using this tag,
>> and verifiers might wish to ignore the tag or remove text that appears after
>> the specified content length, perhaps based on other criteria.
>
>(dhc) I think the use of "sender" here refers to the signer, but it might refer
>to the originator. I'm not sure. Who is really the source of the threat?

It seems to be clear that "sender" means "attacker" here. sender -> attacker

>> 5.1 Determine if the Email Should be Signed and by Whom
>>
>...
>>
>> A SUBMISSION server MAY sign if the sender is authenticated by some secure
>> means, e.g., SMTP AUTH. Within a trusted enclave the signing address MAY be
>> derived from the header field according to local signer policy. Within a
>> trusted enclave an MTA MAY do the signing.
>>
>
>(dhc) signer -> submitter

This one confuses me. Did you mean "if the sender is authenticated"
-> "if the submitter is authenticated"?
+1 to the rest.
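
Added example, not part of the original message or of the DKIM draft: a verifier-side sketch of the mitigation in the quoted section 3.4.5 note, splitting a received body into the octets covered by the `l=` tag and the octets appended after signing. It assumes "simple" body canonicalization and a SHA-256 body hash, checks only the `bh=` value (not the `b=` signature), and uses constructed sample data; all function names are hypothetical.

```python
import base64
import hashlib
import re

def parse_tags(sig_value):
    """Split a DKIM-Signature header value into a tag -> value dict."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags

def simple_body(body):
    """'simple' body canonicalization: trailing empty lines become one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def body_hash(data):
    """Base64 of the SHA-256 digest (assumed hash algorithm for this example)."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def check_body_length(sig_value, body):
    """Return the bh= check result plus the octets the signature does not cover."""
    tags = parse_tags(sig_value)
    canon = simple_body(body)
    limit = int(tags["l"]) if "l" in tags else len(canon)
    if limit > len(canon):
        raise ValueError("l= is larger than the canonicalized body")
    signed, unsigned = canon[:limit], canon[limit:]
    return {"bh_ok": body_hash(signed) == tags.get("bh"),
            "signed": signed, "unsigned": unsigned}

def demo():
    # Constructed sample: the signer covers only the original body with l=.
    original = b"Meeting at 10.\r\n"
    sig = "v=1; a=rsa-sha256; c=simple/simple; l=%d; bh=%s" % (
        len(simple_body(original)), body_hash(simple_body(original)))
    # Constructed sample: text appended in transit, after signing.
    received = original + b"-- \r\nappended after signing\r\n"
    result = check_body_length(sig, received)
    # Same signature without l=, to show the appended text then breaks bh=.
    return result, re.sub(r"l=\d+;\s*", "", sig), received

if __name__ == "__main__":
    result, _, _ = demo()
    print(result["bh_ok"], result["unsigned"])
```

A verifier following the note would display only `signed`, or treat a non-empty `unsigned` as a reason to ignore the `l=` tag.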