[ietf-dkim] layer violations, was detecting header mutations after signing
Charles Lindsey
chl at clerew.man.ac.uk
Fri Oct 15 06:51:48 PDT 2010
On Thu, 14 Oct 2010 18:23:21 +0100, Michael Thomas <mike at mtcc.com> wrote:
> I would hope so because this would be a really stupid thing to do.
> Without the next line of defense -- virus, malware, spam, phishing --
> you'd be setting your users up for big problems. Just because it's
> DKIM signed from a good source doesn't mean it's not still evil.
Have you ever seen an evil message from Ebay?
And yet the current protocol will allow an evil mail _apparently_ from
Ebay to appear, with no means for the recipient to detect the difference.
And as regards using current malware detection software, can you please
explain to us how that is supposed to catch an eveil mail signed by a
brand-new throwaway domain that has not yet had time to acquire any
reputation, good or bad?
>
> That's why all of this hand wringing is silly.
We are not hand wringing. We are pointing out a protocol that, when
applied in the current (and likely future) Real World, fails to deliver
what it was intended to deliver.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-dkim
mailing list