ietf-asrg

Re: [Asrg] porkhash: flexible anti-impersonation mail signatures

2003-04-02 15:53:06
On Wed, 02 Apr 2003 14:09:11 -0800 
Justin Mason <jm(_at_)jmason(_dot_)org> wrote:

> J C Lawrence posted a scheme a few days back about authenticating the
> Received chain with "forward chained digital signatures".
> ...
>     - immune to breakage caused by message-body-munging by
>       relays, gateways and mailing list software

I should note that the scheme I posted as written will break for those
list servers that:

  a) rewrite the Message-ID 

  b) don't remove prior Received: headers

Such is legit under [2]822 and centers on the controversy as to whether
a list broadcast is a new message or a retransmission of an extant
message.  FWLIW I'd be quite happy if Message-ID rewriting were ruled
against.

> Also, as Andy said, Russ Nelson's Q249 system is very similar.  It
> does all the above, *but* it does not hash the timestamp, which I
> think is key in this scheme, as it blocks replay attacks.  For details
> on Q249, see http://q249.org/ .

I explicitly encoded the Message-ID into the auth chain to allow binding
of the auth chain to a single message.  Prevention of replays of canned
good header sets is accomplished by encoding the time and addresses
involved in each transaction.  Not foolproof, but requires compromise
of an authenticating system (e.g. direct spool inject without a header
being added) to bypass.

-- 
J C Lawrence                
---------(*)                Satan, oscillate my metallic sonatas. 
claw(_at_)kanga(_dot_)nu               He lived as a devil, eh?           
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
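
As an added illustration (not code from the thread or from either scheme discussed), the sketch below shows the binding described in the reply: each hop's token covers the Message-ID, the previous hop's token, and that hop's time and addresses. HMAC-SHA256 with per-relay keys stands in for the digital signatures, and the field names, keys, hostnames and the `max_age` freshness window are assumptions.

```python
import hashlib
import hmac

def hop_token(key, msg_id, prev_token, peer, relay, ts):
    """MAC binding one hop to the message, the previous hop, and this hop's time and addresses."""
    fields = [msg_id, prev_token, peer, relay, str(ts)]
    # Length-prefix every field so adjacent values cannot be re-split.
    data = b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def build_chain(msg_id, hops, keys):
    """hops: (peer, relay, ts) tuples in transit order; each relay MACs with its own key."""
    chain, prev = [], ""
    for peer, relay, ts in hops:
        prev = hop_token(keys[relay], msg_id, prev, peer, relay, ts)
        chain.append({"peer": peer, "relay": relay, "ts": ts, "token": prev})
    return chain

def verify_chain(msg_id, chain, keys, now, max_age=3600):
    """Return (ok, reason); walks the chain from the first hop forward."""
    prev = ""
    for i, hop in enumerate(chain):
        key = keys.get(hop["relay"])
        if key is None:
            return False, f"hop {i}: unknown relay"
        want = hop_token(key, msg_id, prev, hop["peer"], hop["relay"], hop["ts"])
        if not hmac.compare_digest(want, hop["token"]):
            return False, f"hop {i}: token mismatch"
        if now - hop["ts"] > max_age:
            return False, f"hop {i}: stale timestamp"
        prev = hop["token"]
    return True, "ok"

# Constructed sample data (not from the thread).
KEYS = {"mx1.example": b"k-mx1", "list.example": b"k-list"}
MSG_ID = "<20030402.0001@origin.example>"
HOPS = [("client.example", "mx1.example", 1049320000),
        ("mx1.example", "list.example", 1049320060)]

if __name__ == "__main__":
    chain = build_chain(MSG_ID, HOPS, KEYS)
    print(verify_chain(MSG_ID, chain, KEYS, now=1049320100))  # intact chain
    # A list server that rewrites the Message-ID but keeps prior hops:
    print(verify_chain("<rewritten@list.example>", chain, KEYS, now=1049320100))
    # The same canned header set replayed a day later:
    print(verify_chain(MSG_ID, chain, KEYS, now=1049320100 + 86400))
```

The second call fails for the reason given in the reply: a rewritten Message-ID no longer matches the value bound into the retained hops.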