[ietf-dkim] detecting header mutations after signing
wietse at porcupine.org
Mon Oct 11 06:07:03 PDT 2010
> On Fri, 08 Oct 2010 18:25:40 +0100, Wietse Venema <wietse at porcupine.org>
> > If I understand things correctly, the solution is already available
> > in DKIM today. It involves signer configuration (sign for N+1
> > instances of each header that is covered by the signature) and
> > requires no change in protocol or semantics. It merely hardens the
> > DKIM signature and I see nothing wrong with doing so.
> > If I am mistaken then please correct me.
> You are indeed mistaken.
> All you have ensured is that any message signed (say by ebay) is proof
> against replay attacks that add additional headers.
> But the scam we are considering does not involve replay attacks at all. It
> involves a message created and signed by the scammer using his own key.
Please read my entire response carefully before responding.

The above detects the case where a bad guy adds a forged header to
a DKIM-signed message, in the hope that naive mail programs will
render their forged header with an indication that THE GOOD GUY'S
DKIM SIGNATURE VERIFIED.

When the bad guy sends mail with (multiple) forged headers, the
best they can get is that naive mail programs render their forged
header with an indication that THE BAD GUY'S DKIM SIGNATURE VERIFIED.

Sending forged headers with bad guy's DKIM signatures is not an
interesting attack on DKIM.
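An added example, not part of the original post: a simplified model of how a verifier selects header instances for the h= tag (RFC 6376, section 5.4.2), showing why signing N+1 instances of From makes a From added after signing break the signature. The addresses are constructed placeholders, and a plain SHA-256 digest stands in for canonicalization and the real signature.

```python
import hashlib

def select_signed_headers(headers, h_tag):
    """Pick header instances the way a DKIM verifier does for h=:
    each name consumes the bottom-most instance not yet used; a name with
    no instance left contributes nothing (RFC 6376, section 5.4.2)."""
    remaining = {}
    for name, value in headers:              # headers are in top-to-bottom order
        remaining.setdefault(name.lower(), []).append(value)
    selected = []
    for name in h_tag.lower().split(":"):
        name = name.strip()
        values = remaining.get(name, [])
        if values:
            selected.append((name, values.pop()))   # pop() = bottom-most unused
    return selected

def header_digest(headers, h_tag):
    """Stand-in for the signed header hash: SHA-256 over the selected headers.
    Real DKIM also canonicalizes and covers the DKIM-Signature field itself."""
    picked = select_signed_headers(headers, h_tag)
    data = "".join(f"{n}:{v.strip()}\r\n" for n, v in picked)
    return hashlib.sha256(data.encode()).hexdigest()

def survives_added_header(original, mutated, h_tag):
    """True if the digest is unchanged, i.e. the signature would still verify."""
    return header_digest(original, h_tag) == header_digest(mutated, h_tag)

# Constructed sample message (addresses are placeholders).
ORIGINAL = [
    ("From", "billing@good.example"),
    ("To", "user@rcpt.example"),
    ("Subject", "Your invoice"),
]
# The same message after a second From is prepended in transit.
MUTATED = [("From", "forged@bad.example")] + ORIGINAL

if __name__ == "__main__":
    for h_tag in ("from:to:subject", "from:from:to:subject"):
        ok = survives_added_header(ORIGINAL, MUTATED, h_tag)
        print(f"h={h_tag:<22} still verifies after added From: {ok}")
```

With `h=from:to:subject` the verifier only ever looks at the bottom-most From, so the prepended one goes unnoticed; with `h=from:from:to:subject` the second entry picks up the added From and the digest no longer matches.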