On 1/27/25 11:19 AM, Al Iverson wrote:
On Mon, Jan 27, 2025 at 1:14 PM Michael Thomas <[email protected]> wrote:
which you can't do with l=.

Something doesn't compute here. Back when the concern around the L tag
hit the public consciousness in May 2024, I observed a fair amount of
mail hitting my spamtrap network with the L tag set up in a way where
I was able to grab messages and modify the body to change it to add
"evil" links just fine, and then inject the message, receive it, and
it passes DKIM. So either I don't understand, or you're wrong about
that. L was implemented in a way that didn't "just allow appending
content," it also effectively allows modifying content beyond byte X
with no corresponding failure in the DKIM signature checks.

The only way that would work is if the originator did something like
l=0, which hopefully nobody does. If the l= contains the entire body as
sent by the originator you wouldn't be able to do that.

Yep. In what I've observed, L=1. I'm glad you now agree that it's possible!

Only if the sender is being exceedingly stupid. All that proves is that
there are stupid deployments. Hardly something to judge all by.

That said, the complaints (overblown imo) about l= go back 20 years.
It's hardly a new argument, and anything that supersedes it will have the
same considerations.

"Hardly new" doesn't seem to be a suitable reason to leave it be.
"Anything new will have the same problem" is a heck of an assumption,
and not one I agree with.

Assuming any new scheme allows for arbitrary body changes, it's the same
security risk, and actually makes it more difficult to evaluate.

Mike
_______________________________________________
Ietf-dkim mailing list -- [email protected]
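
An added illustration of the l= behaviour argued over in this thread; it is not code from either poster or from any DKIM implementation. It models only the RFC 6376 body-hash step (simple canonicalization, SHA-256) on constructed sample bodies; the header signature is not modeled, and the function names are hypothetical.

```python
import base64
import hashlib

def canon_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: drop trailing empty lines, end with one CRLF."""
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    return body if body.endswith(b"\r\n") else body + b"\r\n"

def body_hash(body: bytes, l=None) -> str:
    """bh= value: hash of the canonicalized body, truncated to l bytes when l= is present."""
    data = canon_simple(body)
    if l is not None:
        if l > len(data):
            raise ValueError("l= exceeds canonicalized body length")
        data = data[:l]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def verifies(signed_bh: str, received_body: bytes, l=None) -> bool:
    """Receiver-side body check: recompute bh over the received body and compare."""
    try:
        return body_hash(received_body, l) == signed_bh
    except ValueError:
        return False  # body is shorter than the signed length

def uncovered_bytes(received_body: bytes, l=None) -> int:
    """Audit helper: how many received body bytes lie outside the signed hash."""
    total = len(canon_simple(received_body))
    return 0 if l is None else max(total - l, 0)

# Constructed sample bodies, not taken from any real message.
ORIGINAL = b"Hello team,\r\nThe report is attached.\r\n"
REPLACED = b"H" + b"completely different text\r\n"    # same first byte only
APPENDED = ORIGINAL + b"extra trailing text\r\n"      # original plus a suffix
FULL = len(canon_simple(ORIGINAL))

if __name__ == "__main__":
    cases = [("l=1, body replaced", 1, REPLACED),
             ("l=full, body replaced", FULL, REPLACED),
             ("l=full, text appended", FULL, APPENDED),
             ("no l=, text appended", None, APPENDED)]
    for label, l, received in cases:
        ok = verifies(body_hash(ORIGINAL, l), received, l)
        print(f"{label:24} body hash ok={ok} uncovered={uncovered_bytes(received, l)}")
```

A receiver can use a count like `uncovered_bytes` to treat a passing signature as covering only the first l bytes and to flag or discount mail where that leaves body content unsigned.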