MH Michael Hammer (5304):
>
>
> > -----Original Message-----
> > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
> > boun...@mipassoc.org] On Behalf Of bill.ox...@cox.com
> > Sent: Friday, October 15, 2010 11:59 AM
> > To: dcroc...@bbiw.net
> > Cc: ietf-dkim@mipassoc.org
> > Subject: Re: [ietf-dkim] detecting header mutations after signing
> >
> > Well a broken signature is morally equivalent to unsigned so Im not
> sure
> > of the potential harm...
> >
>
> And this is where I angst. In all the discussions of a broken signature
> being morally equivalent to unsigned, the thrust has been that it was
> likely broken in transit. We failed to have the discussion of it being
> intentionally broken in transit as an attempt to game the system. For
> header mutations after signing (which are likely to be a malicious
> attempt in the specific cases we have been discussing) I feel that
> treating it as simply the same as unsigned is ignoring the potential
> maliciousness.
I'm sure this was discussed before, but perhaps a refresher helps.
How would the DKIM validator know the difference between:
A: The message had a valid signature, but it was broken after
signing.
B: The message is a forgery with a bogus signature.
If the DKIM validator cannot make that distinction, then the bad
guys will do B and the validator will treat it as A.
Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
