Julian Mehnle wrote: > Hector Santos wrote: > >> It has been observed by implementations that is it possible to replay >> a message with a 2nd 5322.From header at the top which wouldn't break >> the DKIM signature validity, but would often be displayed by MUAs to >> display the new 5322.From display rather than the signature bound >> 5322.From header.
> No. The trick is to list From twice in h=. This ensures more From > headers cannot be added without breaking the signature. Julian, this was explored and it does not matter. You can add N number of h=from: and N+1 is all that is needed in the security hole. > Perhaps this could be mentioned in the spec with a specific reference to > the From header, but in general terms the spec is pretty clear about how > to prevent the addition of a header field. If you referring having duplicate from: in h= mitigate this issue, see above. As I proposed, the semantics must include an exception clause for the Verifier and Signer signing 5322.From binding logic as described in section 5.4 to address this. It also needs to recommend that MTAs do RFC5322 validating as well - but you are not going to find this in the wild unless the MTA is DKIM compliant and is aware of this situation. It has to be documented in 4871bis for DKIM standardization to make implementations now and the future aware of it and deal with it. -- HLS _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html