Since we are designing a system that allows a mediator to alter Subject and Body, it should be no surprise that the conditional signature has the potential for re-use. A well behaved mediator must be assumed before any such trust delegation is granted.I see no way to ensure that the conditional signature is single-use. As long as all of the signature's hashed cntent can be replicated onto another message, the signature can be reused.The more important question is whether conditional signature could be subject to third-party attacks. Does the limited and predictable content of a conditional signature intcrease the risk that a bad guy could use guess-and-test to construct a valid signature block for someone else? DKIM uses the body content in two different hash calculations. This severely limits the ability of an attacker to find and exploit a hash collision. The conditional signatures seem unlikely to have that strength.Sent from my Verizon, Samsung Galaxy smartphone<div> </div><div> </div><!-- originalMessage --><div>-------- Original message --------</div><div>From: Jim Fenton <fen...@bluepopcorn.net> </div><div>Date: 8/29/20 7:11 PM (GMT-05:00) </div><div>To: fost...@bayviewphysicians.com, dmarc@ietf.org </div><div>Subject: Re: [dmarc-ietf] third party authorization, not, was non-mailing list </div><div> </div>On 8/29/20 12:42 PM, Douglas E. Foster wrote: > To elaborate on my question and Michael Hammer's answer: > > To be unique, a signature needs a unique dataset from which the hash > is computed. The weak signature will not be unique because it will > be computed on non-random content such as From, To, and Date.
Unique != random. A time stamp (with enough precision) might be unique, even though it is not random. For that matter, DKIM signatures don't include any random values either. But what I was getting at is that the "weak" signature might not have to be any different from any other DKIM signature (except possibly to specify the authorized mediator). It's just that a verifier might fully verify the mediator's signature, and verify the original signature but not check to see if the body hash matches. The one problem is that some mediators add things like [dmarc-ietf] to the subject line, and that's usually signed. -Jim
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc