On October 27, 2005 at 16:45, "Edberg, Jeremy" wrote:

> Another related attack that I did not see mentioned in the threat
> analysis is what we call the "pretty from" attack. Most popular email
> clients display the arbitrary text in the From header as the display
> name, if there is one. For example, if the from header were 'From
> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>', the client would show
> "[EMAIL PROTECTED]" as the from address. If the signature could be
> validated against badguy.com, then the message would appear legit. This
> is a major attack vector, as most of our users don't look beyond what
> their GUI client shows them. Looking at the current DKIM standard, it
> looks like this could still validate properly, since the signature would
> be signed with the key from badguy.com. I didn't see anything in the
> spec about verifying that the arbitrary text matches the purported From
> address. Is this correct? Perhaps this could be addressed as a
> possible threat in the analysis?

This problem appears to be best addressed with MUAs. MUA developers must become more security-aware, especially when it comes to rendering a message.

The problem you raise is due to MUAs relying on a non-standard mechanism for extracting the human name of an originating address. With no standardization on how human names are represented in message headers, I think it is virtually impossible to develop a standard that addresses the problem you raise.

It may be possible for heuristics to be employed by MTA filters to try to detect such cases, but this has its own set of problems.

--ewh

_______________________________________________
ietf-dkim mailing list
http://dkim.org
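
One form the MTA-filter heuristic mentioned in the reply could take, as an added example that is not part of either message: it flags a From header whose display name shows an address at a domain other than the real address's domain or the verified signing domain. The function names, finding labels and `bank.example` sample headers are constructed for illustration, and comparing against the DKIM `d=` domain is an assumption of this sketch, not a DKIM requirement.

```python
import re
from email.utils import parseaddr

# Address-like token inside a display name; group 1 is its domain.
ADDR_IN_NAME = re.compile(
    r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)"
)


def covers(signing_domain, domain):
    """True if domain equals the signing domain or is a subdomain of it."""
    signing_domain = signing_domain.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return domain == signing_domain or domain.endswith("." + signing_domain)


def pretty_from_findings(from_header, signing_domain):
    """Return finding labels for one From header.

    signing_domain is the d= value of a DKIM signature that has already
    been verified by the caller (verification itself is out of scope here).
    """
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable-from"]
    real_domain = addr.rsplit("@", 1)[1].lower()

    findings = []
    for match in ADDR_IN_NAME.finditer(display):
        shown, shown_domain = match.group(0), match.group(1).lower()
        if shown.lower() == addr.lower():
            continue  # display name simply repeats the real address
        if shown_domain != real_domain:
            findings.append("display-address-mismatch")
        if not covers(signing_domain, shown_domain):
            findings.append("display-domain-not-signed")
    return findings


if __name__ == "__main__":
    # Constructed sample headers: (From header, verified DKIM d= domain)
    samples = [
        ('"security@bank.example" <mallory@badguy.com>', "badguy.com"),
        ('"Alice Example" <alice@bank.example>', "bank.example"),
        ('"support@bank.example" <noreply@bank.example>', "bank.example"),
    ]
    for header, d in samples:
        print(header, "->", pretty_from_findings(header, d) or "ok")
```

As the reply notes, such a filter has its own problems: it only sees display names that literally contain an address, so a plain-text name imitating a brand passes untouched, and legitimate forwarding services that put the original sender's address in the display name will be flagged.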
