[ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From

Murray S. Kucherawy msk at cloudmark.com
Tue Oct 5 06:48:37 PDT 2010


I've removed Tim Polk from the Cc: list because he is not our sponsoring AD.  Our sponsoring AD is already on this list.

> -----Original Message-----
> From: ietf-dkim-bounces at mipassoc.org [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Ian Eiloart
> Sent: Tuesday, October 05, 2010 5:15 AM
> To: Hector Santos; ietf-dkim at mipassoc.org
> Cc: Tim Polk
> Subject: Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From
> 
> > It has been observed by implementations that it is possible to replay
> > a message with a 2nd 5322.From header at the top which wouldn't break
> > the DKIM signature validity, but would often be displayed by MUAs to
> > display the new 5322.From display rather than the signature bound
> > 5322.From header.
> 
> Ouch. That's nasty. But wouldn't it be better to advise MUA vendors to
> display the signed header? Are there really MUAs that will display the
> unsigned headers *and* assert that it was validated? If so, that's
> surely a bug in the implementation of the MUA.

This is a non-issue for DKIM anyway.  All of this work is predicated on an email that's properly formatted, and RFC5322 says a message with multiple From: headers is malformed.  So this is not specifically an attack on DKIM.

I don't think it's practical in DKIM to enumerate all the ways various malformations can cause misleading displays in an MUA.

The MLM draft work included some chatter about some advice for MUA implementers.  If and when that work is consolidated into a new document of some kind, this issue would be a good one to put there.
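
Added example, not part of the original message or of any DKIM implementation: a receiver-side check for the RFC 5322 malformation discussed above, flagging header fields that may appear only once and showing which From: values a top-down reader and a bottom-up reader would pick. The sample message, the function names and the `trust_dkim_result` policy are assumptions made for illustration.

```python
import email

# RFC 5322 section 3.6: each of these header fields may appear at most once.
SINGLETONS = ("from", "sender", "reply-to", "to", "cc", "bcc", "message-id",
              "in-reply-to", "references", "subject", "date")

# Constructed sample: a second From: field sits above the original one.
SAMPLE = (
    "From: Other Name <other@example.net>\n"
    "From: Original Author <author@example.com>\n"
    "To: rcpt@example.org\n"
    "Subject: multiple From test\n"
    "\n"
    "body\n"
)

def duplicated_singletons(raw):
    """Return {field: [values...]} for every singleton field seen more than once."""
    msg = email.message_from_string(raw)
    found = {}
    for name in SINGLETONS:
        values = msg.get_all(name, [])
        if len(values) > 1:
            found[name] = values
    return found

def from_candidates(raw):
    """Top-most and bottom-most From: values; they differ only when the
    message is malformed. DKIM (RFC 4871 section 5.4) selects instances of a
    repeated field from the bottom up, while a display may read the top one."""
    values = email.message_from_string(raw).get_all("From", [])
    return (values[0], values[-1]) if values else (None, None)

def trust_dkim_result(raw, dkim_passed):
    """Assumed policy: honour a DKIM pass only for a well-formed header block."""
    return dkim_passed and not duplicated_singletons(raw)

if __name__ == "__main__":
    print(duplicated_singletons(SAMPLE))
    print(from_candidates(SAMPLE))
    print(trust_dkim_result(SAMPLE, dkim_passed=True))
```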
