[Top] [All Lists]

cryptographically verifiable fields

2004-01-18 03:15:52

Keith Moore wrote:

That, and there is a semantic difference between a signed message and a cryptographically verifiable trace field in a message.

Could somebody outline a process whereby a single field or group of fields in a
message could be signed, with the following conditions:
1. the mechanism is robust w.r.t. common types of message munging (reordered fields, possible dropping of fields (obviously, let's assume that the field that is signed isn't
   dropped), addition of trailing whitespace, etc.)
2. the mechanism is not subject to replay attacks (e.g. copying the signed field from one
   message to another)

I believe that S/MIME and PGP/MIME signed messages are robust w.r.t. those criteria, since the signed message is itself transfer encoded (if necessary) and encapsulated via MIME; if the MIME wrapper's header fields are munged, the signed message may still be valid -- it is protected from transport issues via the wrapper and encoding. But I don't see how one can do the same for a single header field that is not subject to a replay attack.