On 10/13/2010 2:27 PM, Jeff Macdonald wrote:
> DKIM seems to make assurances to message integrity. But it
> doesn't. I think the reason why many think it does is because of the
> body hash. It is trying to do too much. It should just provide an
> identifier that can be verified. Instead of using the body for
> hashing, use the Message-ID header along with the Date header and just
> hash that. That way most folks would understand DKIM is just providing
> an Identifier.

my goodness, but your version of ranting is far too mild and reasonable.

which is not to say i agree with you about tossing out the body hash.

Although DKIM is not trying to "protect" the message, it /is/ trying to reduce the ability to take a valid use for one message and apply it to an invalid use with another.

From a mathematical standpoint, your suggestion is quite reasonable, given that message ids are supposed to be unique, etc.

But the question is whether a verifier can know whether a signature is being replayed -- that is whether it is being reapplied to a different message. Verifiers do not track message ids. So they can't detect a new use.

Using the body hash is a convenient hack that is likely to make it nearly impossible to apply valid use of a DKIM identifier to different content.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
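
Added example, not part of the original messages and not code from any DKIM implementation: a toy model of the two schemes discussed above, showing that a signature over Message-ID and Date alone still verifies when the body is swapped, while one that also covers a body hash does not. Assumptions: an HMAC stands in for DKIM's public-key signature, canonicalization is omitted, and the key, headers and bodies are constructed.

```python
import base64
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: stands in for the signer's key pair
SIGNED_HEADERS = ["Message-ID", "Date"]

def body_hash(body: bytes) -> str:
    # Same idea as DKIM's bh= tag: base64 of a SHA-256 over the body.
    # Real DKIM canonicalizes the body first; that step is omitted here.
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

def _signed_data(headers: dict, bh: str) -> bytes:
    lines = [f"{name.lower()}:{headers[name]}\r\n" for name in SIGNED_HEADERS]
    return ("".join(lines) + f"bh={bh}").encode()

def sign(headers: dict, body: bytes, use_body_hash: bool) -> dict:
    bh = body_hash(body) if use_body_hash else ""
    tag = hmac.new(KEY, _signed_data(headers, bh), hashlib.sha256).hexdigest()
    return {"bh": bh, "b": tag}

def verify(headers: dict, body: bytes, sig: dict) -> bool:
    # If the signature carries a body hash, the received body must match it.
    if sig["bh"] and not hmac.compare_digest(sig["bh"], body_hash(body)):
        return False
    expected = hmac.new(KEY, _signed_data(headers, sig["bh"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig["b"])

# Constructed sample message; every value below is made up.
HEADERS = {"Message-ID": "<1234@mail.example>", "Date": "Wed, 13 Oct 2010 14:27:00 -0400"}
ORIGINAL_BODY = b"Your invoice for October is attached.\r\n"
OTHER_BODY = b"Completely different content.\r\n"

def reuse_accepted(use_body_hash: bool) -> bool:
    """Does a signature made for ORIGINAL_BODY still verify over OTHER_BODY?"""
    sig = sign(HEADERS, ORIGINAL_BODY, use_body_hash)
    assert verify(HEADERS, ORIGINAL_BODY, sig)  # the untouched message always verifies
    return verify(HEADERS, OTHER_BODY, sig)

if __name__ == "__main__":
    print("Message-ID + Date only:", reuse_accepted(False))
    print("with body hash:        ", reuse_accepted(True))
```

A verifier that keeps no record of message ids has nothing else to compare against, so in the header-only scheme the second result is indistinguishable from a legitimate delivery.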