MH Michael Hammer (5304):
> > -----Original Message-----
> > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of bill.ox...@cox.com
> > Sent: Friday, October 15, 2010 11:59 AM
> > To: dcroc...@bbiw.net
> > Cc: ietf-dkim@mipassoc.org
> > Subject: Re: [ietf-dkim] detecting header mutations after signing
> >
> > Well a broken signature is morally equivalent to unsigned so I'm not sure
> > of the potential harm...
>
> And this is where I angst. In all the discussions of a broken signature
> being morally equivalent to unsigned, the thrust has been that it was
> likely broken in transit. We failed to have the discussion of it being
> intentionally broken in transit as an attempt to game the system. For
> header mutations after signing (which are likely to be a malicious
> attempt in the specific cases we have been discussing) I feel that
> treating it as simply the same as unsigned is ignoring the potential
> maliciousness.

I'm sure this was discussed before, but perhaps a refresher helps.

How would the DKIM validator know the difference between:

A: The message had a valid signature, but it was broken after signing.

B: The message is a forgery with a bogus signature.

If the DKIM validator cannot make that distinction, then the bad
guys will do B and the validator will treat it as A.

Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html