On Oct 15, 2010, at 1:51 PM, MH Michael Hammer (5304) wrote:

>
>
>> -----Original Message-----
>> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
>> boun...@mipassoc.org] On Behalf Of bill.ox...@cox.com
>> Sent: Friday, October 15, 2010 11:59 AM
>> To: dcroc...@bbiw.net
>> Cc: ietf-dkim@mipassoc.org
>> Subject: Re: [ietf-dkim] detecting header mutations after signing
>>
>> Well a broken signature is morally equivalent to unsigned so I'm not sure
>> of the potential harm...
>>
>
> And this is where I angst. In all the discussions of a broken signature
> being morally equivalent to unsigned, the thrust has been that it was
> likely broken in transit. We failed to have the discussion of it being
> intentionally broken in transit as an attempt to game the system.

How can the system be gamed by breaking a signature in a way that it can't be by removing the signature? A concrete example might make it clearer what the concern is.

> For
> header mutations after signing (which are likely to be a malicious
> attempt in the specific cases we have been discussing) I feel that
> treating it as simply the same as unsigned is ignoring the potential
> maliciousness.

Nobody is saying it should be ignored, I don't think. Rather the bit of code that should be objecting to it is not the DKIM verifier.

Cheers,
  Steve