On Thu, Feb 13, 2003 at 11:31:12PM -0700, Jason R. Mastaler wrote:
>How? Can't I take one of your messages, duplicate all the headers
>including Date and send it back to you? If the new fingerprint is
>based on the same headers, presumably it will be identical to the
>old fingerprint.
Yes, but if I know that the date hasn't been tampered with, then I can
apply an invisible expiration. For example, I send this message:
Date: Jan 1, 2003
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Happy New Year
Message-ID: <[EMAIL PROTECTED]>
X-TMDA-Fingerprint: oicCLcYvGpG9HeO1mBneqsR+rOI
Happy New Year family!
[ ...blah blah blah...]
You're worried, I think that someone might send this:
Date: Jan 1, 2023
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Happy New Year
Message-ID: <[EMAIL PROTECTED]>
X-TMDA-Fingerprint: oicCLcYvGpG9HeO1mBneqsR+rOI
Come get some new pr0n at www.pr0n.com.
[ ...blah blah blah... ]
Since X-TMDA-Fingerprint included "date" the above email will fail with:
X-TMDA-Fingerprint-Match: No
If I get this email
Date: Jan 1, 2003
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Happy New Year
Message-ID: <[EMAIL PROTECTED]>
X-TMDA-Fingerprint: oicjii3vGpG9HeO1mBneqsR3jfI
Come get some new pr0n at www.newpr0n.com.
X-TMDA-Fingerprint will calculate the same, but if this is sent *after* Jan
2, 2003, then it will fail with:
X-TMDA-Fingerprint-Match: Expired
My basic assumption is that someone will "find" and try to reuse
this email more than a day after I sent it. Additionally, the actual
expiration time will be set in tmda-fingerprint, not anywhere in the
mail itself.
Thoughts?
- Mark
_________________________________________________
tmda-workers mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-workers
