[Mimedefang] DomainKeys
David F. Skoll
dfs at roaringpenguin.com
Thu Aug 19 17:34:09 EDT 2004
On Thu, 19 Aug 2004, SM wrote:
> >Furthermore, DomainKeys is trivially defeated with a replay attack.
> >Send yourself the spam through the signing server. Now you have a signed
> >spam that you can re-mail far and wide. Of course, you can't mutate it,
> >which might increase the effectiveness of DCC and the like, but it still
> >means you can't *really* trust a properly-signed message.
> The Received headers are also signed. This prevents a replay attack.
Not true. Only the Received: headers after the signature are signed.
Additional Received: headers can be added before the signature (and if
you think about it, this *must* be allowed for any mail at all to
get through. You can't sign unknown received headers that will be
added at each hop.)
Regards,
David.
More information about the MIMEDefang
mailing list