Re: [ietf-dkim] Re: draft-ietf-dkim-base-09 submitted

Douglas Otis <dotis@mail-abuse.org> Mon, 12 February 2007 19:51 UTC

In-Reply-To: <45D03736.4050703@cs.tcd.ie>
References: <28DED7184D567B3C8C8E819F@2-228.dhcp.neophilic.net> <45CFD893.62B7@xyzzy.claranet.de> <45D03736.4050703@cs.tcd.ie>
Message-Id: <4F72D1EB-D6B1-4E36-9F61-E17AF0E63689@mail-abuse.org>
From: Douglas Otis <dotis@mail-abuse.org>
Subject: Re: [ietf-dkim] Re: draft-ietf-dkim-base-09 submitted
Date: Mon, 12 Feb 2007 11:47:48 -0800
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Frank Ellermann <nobody@xyzzy.claranet.de>, ietf-dkim@mipassoc.org

On Feb 12, 2007, at 1:45 AM, Stephen Farrell wrote:

>
>
> Frank Ellermann wrote:
>> Eric Allman wrote:
>>> the changes are all responses to IESG comments.
>> I've certainly no clue what an "ASCII art attack" is (3.4.4).
>
> Relaxed reduces runs of whitespace to one space. Say you have a
> message with loads of spaces on the left of a line, with the
> non-whitespace message (some spamtext) off to the right of the screen.
> Now if you can get that signed (say via some bounce processor or
> whatever), then you can remove those runs of whitespace and have a
> viewable spam, e.g. "B U Y E LL ER MAN N".  I'm sure there're loads
> of variants.
>
> Not a very compelling attack, but the feeling from IESG comments  
> was that adding the warning was useful enough.

This is a bad example.  Injected spaces can occur only where a  
whitespace (Space or HTAB) already existed as these are collapsed  
into a single whitespace during canonicalization.

A bad actor can introduce added spaces between words, where when  
viewed, spell something where words then act as a type of large  
pixel element.  There might be messages which better lend themselves  
to such an attack, but even this message could be mangled to say  
something unexpected.  This allows plausible deniability as well.  I  
never revealed the name of his wife...  : )

-Doug
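
Added example, not part of the original message or of any DKIM implementation: a Python sketch of the relaxed and simple body canonicalizations discussed in this thread, showing that two bodies differing only in whitespace run lengths share a relaxed body hash but not a simple one. The sample bodies, the layout_sensitive_lines() helper and its max_run threshold are constructed assumptions for illustration.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """'relaxed' body canonicalization: whitespace layout is not preserved."""
    out = []
    for line in body.split(b"\r\n"):
        line = re.sub(rb"[ \t]+", b" ", line)  # each SP/HTAB run becomes one SP
        out.append(line.rstrip(b" "))           # whitespace at end of line is ignored
    while out and out[-1] == b"":               # empty lines at end of body are ignored
        out.pop()
    return b"".join(l + b"\r\n" for l in out)

def simple_body(body: bytes) -> bytes:
    """'simple' body canonicalization: only trailing empty lines are ignored."""
    lines = body.split(b"\r\n")
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(l + b"\r\n" for l in lines) or b"\r\n"

def body_hash(canon: bytes) -> str:
    """Base64 SHA-256 of the canonicalized body, as carried in the bh= tag."""
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def layout_sensitive_lines(body: bytes, max_run: int = 3) -> list:
    """Hypothetical receiver-side heuristic: 1-based numbers of lines holding a
    whitespace run longer than max_run before visible text, i.e. layout that a
    relaxed-canonicalized signature does not vouch for."""
    pattern = re.compile(rb"[ \t]{%d,}\S" % (max_run + 1))
    return [n for n, line in enumerate(body.split(b"\r\n"), 1)
            if pattern.search(line)]

# Constructed sample bodies: same words, different whitespace run lengths.
SIGNED = b"Quarterly report  attached.\r\nSee  section 2.\r\n"
RELAID = b"Quarterly report attached.\r\nSee\t\t\t\t\t\tsection 2.\r\n\r\n"

if __name__ == "__main__":
    for name, body in (("signed", SIGNED), ("relaid", RELAID)):
        print(name, "relaxed bh =", body_hash(relaxed_body(body)))
        print(name, "simple  bh =", body_hash(simple_body(body)))
        print(name, "flagged lines:", layout_sensitive_lines(body))
```

A verifier that accepts relaxed signatures can run a check like layout_sensitive_lines() on the received body to note where the displayed layout depends on whitespace the signature does not cover.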


