[ietf-dkim] Features that could be reconsidered as part of the bis process
steve at wordtothewise.com
Wed May 20 14:35:03 PDT 2009
On May 20, 2009, at 2:17 PM, Michael Thomas wrote:
> Steve Atkins wrote:
>> Why would you want to sign email as something you vouched for,
>> while still enabling anyone to replace the content of the email
>> with something else without invalidating that signature?
> You can't replace it; you can only append to it.
That's likely wrong, depending on the details of the l= usage.

Firstly, one expressed use case for l= is "l=0" - in other words, don't
sign any of the body. In that case I can put any body content in there
I like, and it'll still be validly signed.

Another use case is to use l= to sign a text part of an email, but not
to sign an attachment. In that case I can obviously replace the
with my own content, but depending on the details of the email structure
I may well be able to replace the text section as rendered to the user

Another use case is to set l= to the entire length of the email as sent.
This case is a little less nonsensical than the others (though the
benefit it offers is not clear). I can still append raw content.
the structure of the email I may well be able to have that appended
displayed in place of the original content. This is harder to exploit
you can entirely replace the original content than the other cases,
multipart mime and html there's no way I'd say it's impossible.

(And, if we're talking phishing attacks, which is one of the supposed
then I can put a very effective phishing attack in just the footer of
anyway - the place people expect to find "Contact Us" or "Log in to your
account" or "Secure your access" links).
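
Added example (not part of the original message): a Python sketch of how the l= tag limits what the DKIM body hash covers, with a verifier-side check that counts the body octets left outside the signature. The message bodies, the signature header value and all function names are constructed for illustration; only "simple" body canonicalization with SHA-256 is modelled.

```python
import base64
import hashlib
import re

def canon_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: drop trailing empty lines, end with one CRLF."""
    return re.sub(rb"(?:\r\n)+\Z", b"", body) + b"\r\n"

def body_hash(body: bytes, l=None) -> str:
    """bh= value; when l is given, only the first l canonicalized octets are hashed."""
    data = canon_simple(body)
    if l is not None:
        data = data[:l]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_l(sig_value: str):
    """Return the l= tag of a DKIM-Signature tag list as an int, or None if absent."""
    for tag in sig_value.split(";"):
        name, _, value = tag.partition("=")
        if name.strip() == "l":
            return int(value.strip())
    return None

def unsigned_octets(sig_value: str, body: bytes) -> int:
    """Number of delivered body octets that the signature does not cover."""
    l = parse_l(sig_value)
    if l is None:
        return 0  # no l= tag: the whole canonicalized body is hashed
    return max(len(canon_simple(body)) - l, 0)

# Constructed sample data (hypothetical message and signature header value).
SIGNED_BODY = b"Your statement is ready.\r\n"
APPENDED = b"Constructed line appended after signing.\r\n"
DELIVERED_BODY = SIGNED_BODY + APPENDED
SIGNED_LEN = len(canon_simple(SIGNED_BODY))
SIG = (f"v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=sel; "
       f"l={SIGNED_LEN}; bh={body_hash(SIGNED_BODY, SIGNED_LEN)}")

if __name__ == "__main__":
    # With l=, the hash is identical before and after the append.
    print("bh with l= unchanged:",
          body_hash(SIGNED_BODY, SIGNED_LEN) == body_hash(DELIVERED_BODY, SIGNED_LEN))
    # Without l=, the append changes the hash and verification would fail.
    print("bh without l= unchanged:",
          body_hash(SIGNED_BODY) == body_hash(DELIVERED_BODY))
    # A verifier can report how much of the delivered body is unsigned.
    print("unsigned octets:", unsigned_octets(SIG, DELIVERED_BODY))
```

A receiver that honours l= can use a count like `unsigned_octets` to treat a message with a non-zero unsigned tail as only partially signed rather than as fully vouched for.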