On Wed, Dec 10, 2003 at 05:05:07PM -0800, Mark Baugher wrote:
> It would not verify if the signature design was secure. That is,
> one should not sign a piece of the message that could be cut and
> pasted in this way. I have not seen anything about the signing
> proposal to suggest that they were doing this or even signing SMTP
> trace records.
> So yes, the problem you describe is a problem that's caused by a
> poor signature design.
The problem is that I have yet to see a signature design that will work
and that will not be broken by a sufficiently large number of mailservers/
features out there.
> What gets signed is an open question. This does not strike me as
> an insurmountable problem.
:-) IMHO exactly this is the problem that hasn't been solved yet.
> I think of each message sent as a separate mail transaction that will
> have a separate signature applied by the mail submission agent.
What is the advantage then?
I know who I am talking to directly. So the sending MTA doesn't need the
hassle of signing the message. The MTAs could simply use TLS or a key
exchange. The advantage of the signing is that I - as the receiver -
can validate the signing of the original sender or - that would be fine -
of all intermediate hosts.
Other than that it's pretty worthless, IMHO.
\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
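An added illustration of the two points argued above, not code from this thread: a toy signature over the raw message breaks as soon as a relay prepends a Received: trace header, a signature over a canonical form of chosen headers plus the body survives the relay, and a body-only signature can be moved under different headers, which is why the signed set should bind the headers that matter. HMAC with a shared demo key stands in for a real sender signature, and all messages are constructed samples.

```python
import hashlib
import hmac

# Constructed demo key: a shared HMAC key stands in for the sender's
# signing key (assumption; a real design would use a public-key signature).
KEY = b"demo-signing-key"


def canonical(msg: str, signed_headers) -> bytes:
    """Canonical form: only the listed headers (lower-cased names, trimmed
    values, in the given order) plus the body, so trace headers added in
    transit do not change the signed input."""
    head, _, body = msg.partition("\n\n")
    hdrs = {}
    for line in head.split("\n"):
        name, _, value = line.partition(":")
        hdrs.setdefault(name.strip().lower(), value.strip())  # keep first copy
    out = "".join(f"{h}:{hdrs.get(h, '')}\n" for h in signed_headers)
    return (out + "\n" + body.strip()).encode()


def sign(msg: str, signed_headers) -> str:
    return hmac.new(KEY, canonical(msg, signed_headers), hashlib.sha256).hexdigest()


def verify(msg: str, signed_headers, sig: str) -> bool:
    return hmac.compare_digest(sign(msg, signed_headers), sig)


def sign_raw(msg: str) -> str:
    """Naive design: sign every byte of the message as submitted."""
    return hmac.new(KEY, msg.encode(), hashlib.sha256).hexdigest()


def verify_raw(msg: str, sig: str) -> bool:
    return hmac.compare_digest(sign_raw(msg), sig)


# Constructed sample message as handed to the submission agent.
ORIGINAL = "From: alice@example.org\nTo: bob@example.net\nSubject: hi\n\nSee you Friday.\n"
# The same message after an intermediate MTA prepends a trace header.
RELAYED = "Received: from mta.example.org by mx.example.net\n" + ORIGINAL
# The signed body pasted under a different From: header.
TRANSPLANTED = "From: mallory@example.com\nTo: bob@example.net\nSubject: hi\n\nSee you Friday.\n"
BOUND = ("from", "to", "subject")  # headers the signature should cover

if __name__ == "__main__":
    print("raw signature survives relay:", verify_raw(RELAYED, sign_raw(ORIGINAL)))
    print("header-bound signature survives relay:", verify(RELAYED, BOUND, sign(ORIGINAL, BOUND)))
    print("body-only signature transplants:", verify(TRANSPLANTED, (), sign(ORIGINAL, ())))
    print("header-bound signature transplants:", verify(TRANSPLANTED, BOUND, sign(ORIGINAL, BOUND)))
```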