[ietf-dkim] Re: draft-ietf-dkim-base-09 submitted
Douglas Otis
dotis at mail-abuse.org
Mon Feb 12 11:47:48 PST 2007
On Feb 12, 2007, at 1:45 AM, Stephen Farrell wrote:
>
>
> Frank Ellermann wrote:
>> Eric Allman wrote:
>>> the changes are all responses to IESG comments.
>> I've certainly no clue what an "ASCII art attack" is (3.4.4).
>
> Relaxed reduces runs of whitespace to one space. Say you have a
> message with loads of spaces on the left of a line, with the non-
> whitespace message (some spamtext) off to the right of the screen.
> Now if you can get that signed (say via some bounce processor or
> whatever), then you can remove those runs of whitespace and have a
> viewable spam,e.g. "B U Y E LL ER MAN N". I'm sure there're loads
> of variants.
>
> Not a very compelling attack, but the feeling from IESG comments
> was that adding the warning was useful enough.
This is a bad example. Injected spaces can occur only where a
whitespace (Space or HTAB) already existed as these are collapsed
into a single whitespace during canonicalization.
A bad actor can introduce added spaces between words, where when
viewed, spell something where words then act as as type of large
pixel element. There might be messages which better lend themselves
to such an attack, but even this message could be mangled to say
something unexpected. This allows plausible deniability as well. I
never revealed the name of his wife... : )
-Doug
More information about the ietf-dkim
mailing list