At 8:43 AM -0700 6/8/06, Dave Crocker wrote:
> 3.4.5 Body Length Limits
> INFORMATIVE IMPLEMENTATION NOTE: Body length limits could be useful in
> increasing signature robustness when sending to a mailing list that both
> appends to content sent to it and does not sign its messages. However, using
> such limits enables an attack in which a sender with malicious intent
> modifies a message to include content that solely benefits the attacker. It
> is possible for the appended content to completely replace the original
> content in the end recipient's eyes and to defeat duplicate
> algorithms. To avoid this attack, signers should be wary of using this tag,
> and verifiers might wish to ignore the tag or remove text that appears after
> the specified content length, perhaps based on other criteria.
> (dhc) I think the use of "sender" here refers to the signer, but it
> to the originator. I'm not sure. Who is really the source of the threat?
It seems to be clear that "sender" means "attacker" here. sender -> attacker
> 5.1 Determine if the Email Should be Signed and by Whom
> A SUBMISSION server MAY sign if the sender is authenticated by some secure
> means, e.g., SMTP AUTH. Within a trusted enclave the signing address MAY be
> derived from the header field according to local signer policy. Within a
> trusted enclave an MTA MAY do the signing.
> (dhc) signer -> submitter
This one confuses me. Did you mean "if the sender is authenticated"
-> "if the submitter is authenticated"?
+1 to the rest.
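
An added illustration, not part of the original message or of the draft text it quotes, of the body length limit behaviour described in 3.4.5: content appended after the limit leaves the body hash unchanged, and a verifier can strip or reject the uncovered octets. It assumes "simple" body canonicalization and SHA-256, leaves out header hashing and the signature itself, and `check_body`, its `policy` values and the sample messages are hypothetical.

```python
import base64
import hashlib

CRLF = b"\r\n"

def canon_simple(body: bytes) -> bytes:
    """DKIM 'simple' body canonicalization: drop trailing empty lines, end with one CRLF."""
    while body.endswith(CRLF + CRLF):
        body = body[:-2]
    return body if body.endswith(CRLF) else body + CRLF

def body_hash(body: bytes, length=None) -> str:
    """base64(SHA-256) over the canonical body, truncated to `length` octets if given."""
    data = canon_simple(body)
    if length is not None:
        if length > len(data):
            raise ValueError("body length limit exceeds actual body")
        data = data[:length]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def check_body(body: bytes, bh: str, length=None, policy="strip"):
    """Hypothetical verifier helper: returns (accepted, body_to_show, unsigned_octets).

    policy "strip"  -> show only the octets the hash covers
    policy "reject" -> treat any octets past the limit as a failure
    """
    try:
        if body_hash(body, length) != bh:
            return False, b"", 0
    except ValueError:
        return False, b"", 0
    data = canon_simple(body)
    if length is None:
        return True, data, 0
    extra = len(data) - length
    if extra and policy == "reject":
        return False, b"", extra
    return True, data[:length], extra

# Constructed sample messages (not taken from the thread).
ORIGINAL = b"Meeting moved to 10:00.\r\n"
APPENDED = ORIGINAL + b"\r\nAppended text the signer never saw.\r\n"
LIMIT = len(canon_simple(ORIGINAL))       # value the signer would put in the l= tag
SIGNED_BH = body_hash(ORIGINAL, LIMIT)    # body hash the signer commits to

if __name__ == "__main__":
    print("limit honoured, strip:", check_body(APPENDED, SIGNED_BH, LIMIT))
    print("limit honoured, reject:", check_body(APPENDED, SIGNED_BH, LIMIT, "reject"))
    print("limit ignored:", check_body(APPENDED, SIGNED_BH, None))
```
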