On Sun, 10 Jul 2011, Hector Santos wrote: > Now of course, if ADSP was a standard and whitehouse.com had an > exclusive signing policy, receivers would of rejected the junk > distributed by Dave's list server as an ADSP violation. But ADSP is a > pipe dream.
The attack only matters if the user believes that forgery is impossible because his ISP and the putative sender both "deploy ADSP" -- and thus the fact that the message made it to his mailbox means it has to be validly signed. (Of course, such users are suckers for messages from "0bama"...) Otherwise, "Obama" messages with an alternate From: (which the forger hopes the MUA will ignore) and signature for that second From:, are no more convincing than plain old forgeries with a single From: and no signature at all. In fact, they can be less effective, since: 1. At any step on the way, the message may be rejected as a protocol violation. 2. The MUA might display to the user, the From: instance that was intended by the forger for the validator's eyes only. 3. The lazy validator might act on the From: instance that was intended by the forger for the MUA to display. Failures (from the forger's perspective) 1 and 2 produce a result less convincing than a simple unsigned forgery. Failure 3 produces a result no more convincing than the simple unsigned forgery. ---- Michael Deutschmann <[email protected]> _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
