In <400A5CC6(_dot_)1070603(_at_)verizon(_dot_)net> Bruce Lilly
<blilly(_at_)verizon(_dot_)net> writes:
Keith Moore wrote:
That, and there is a semantic difference between a signed message and
a cryptographically verifiable trace field in a message.
Could somebody outline a process whereby a single field or group of
fields in a
message could be signed, with the following conditions:
1. the mechanism is robust w.r.t. common types of message munging
(reordered fields,
possible dropping of fields (obviously, let's assume that the field
that is signed isn't
dropped), addition of trailing whitespace, etc.)
2. the mechanism is not subject to replay attacks (e.g. copying the
signed field from one
message to another)
Usefor did some work on this (but for other reasons). However, it was
decided it was a step too far for the current draft, but a possibility for
a later 'security' document.
The internet-draft has expired now, but you can still find it on
<http://www.landfiled.com/usefor/drafts/draft-lindsey-usefor-signed-01.txt>
It included a very elaborate canonicalization. Even so, I would write it
differently now. And worse things have happened since I wrote it, for
example how do you canonicalize IDNA domain names, as UTF-8 or as
punycode?
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave,
CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5