Keith Moore wrote:
That, and there is a semantic difference between a signed message and
a cryptographically verifiable trace field in a message.
Could somebody outline a process whereby a single field or group of
fields in a
message could be signed, with the following conditions:
1. the mechanism is robust w.r.t. common types of message munging
(reordered fields,
possible dropping of fields (obviously, let's assume that the field
that is signed isn't
dropped), addition of trailing whitespace, etc.)
2. the mechanism is not subject to replay attacks (e.g. copying the
signed field from one
message to another)
I believe that S/MIME and PGP/MIME signed messages are robust w.r.t.
those criteria, since
the signed message is itself transfer encoded (if necessary) and
encapsulated via MIME; if the
MIME wrapper's header fields are munged, the signed message may still be
valid -- it is
protected from transport issues via the wrapper and encoding. But I
don't see how one can
do the same for a single header field that is not subject to a replay
attack.