On Tue, 19 Jul 2005, Arvel Hathcock wrote:
he he... I have to disagree with Jon here. Including the body in the
signature calculation is a measure designed to protect the content of the
body as the opening of our draft states. One of the benefits of crypto
solutions over path based is that crypto can at least attempt to say
something about the integrity of the message content whereas path can not.
If DKIM is not designed to provide a level of content protection why include
the body content in the signature calculation at all when excluding it would
certainly clear up a few problems?
Because each signature data needs to be unique based on hash of the message.
Otherwise it would be wide-open to very easy replay attacks (just like it
is with BATV and SES which sign only MAIL FROM and then it has no serious
protection against replay and security would rely on not revealing envelope
to entire world, which in practice difficult to avoid).
---
William Leibzon, Elan Networks:
mailto: william(_at_)elan(_dot_)net
Anti-Spam and Email Security Research Worksite:
http://www.elan.net/~william/emailsecurity/