DKIM can not address this issue however messaging authors like myself (get
ready for some RFC blasphemy) can optionally strip off all comment text from
origin headers. So, there's never _ever_ the possibility of this taking
place with users of our software. If there's no "pretty text" to display
then there's none passed on to the MUA. That should solve it. Nobody is
going to hell for stripping optional text out of mail headers so some
certain of you who just started praying for my soul can rest easy :)
--
Arvel
----- Original Message -----
From: "wayne" <[EMAIL PROTECTED]>
To: "IETF DKIM WG" <[email protected]>
Sent: Tuesday, November 01, 2005 1:07 PM
Subject: Re: [ietf-dkim] draft-fenton-dkim-threats-01.txt
In <[EMAIL PROTECTED]>
"Edberg, Jeremy" <[EMAIL PROTECTED]> writes:
Another related attack that I did not see mentioned in the threat
analysis is what we call the "pretty from" attack. Most popular email
clients display the arbitrary text in the From header as the display
name, if there is one. For example, if the from header were 'From
"[EMAIL PROTECTED]" <[EMAIL PROTECTED]>', the client would show
"[EMAIL PROTECTED]" as the from address.
_______________________________________________
ietf-dkim mailing list
http://dkim.org
