On Jan 11, 2006, at 11:19 AM, Michael Thomas wrote:
> Stephen Farrell wrote:
>> Yes, but mucking up a signature is already covered in the draft
>> whereas totally ditching one isn't.
>> (Perhaps "forwarder" wasn't the right term - if not, mea culpa.)
> From a threat perspective, the two are identical, right?
The term mediator may have been better. Removal of a signature
within that role may also introduce a new signature by the mediator.
In this case, a signature has been removed and replaced with a
different signature. In the case of replacement, the results should
not be identical. Being able to define the role of the signer may
help resolve handling issues.
> If a receiver in any way treats broken signatures differently from
> missing signatures, an attacker can exploit the preferable
> treatment trivially.
This was not about a broken signature, but a deliberately removed
signature. Once there is a greater concern related to the overhead
associated with handling multiple signatures, how this gets handled
will have greater importance. A bad actor could trivially increase
recipient burdens by introducing multiple signatures with various
body lengths and multiple From addresses. Unfortunately, due to the
authorization scheme, this may also become a common practice by
legitimate mediators. :(
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org
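The two receiver-side points argued in the exchange above (a removed signature and a broken signature should land in the same handling bucket, and each extra DKIM-Signature header with its own l= body-length tag costs the receiver another body hash, so the number evaluated needs a cap) as an added, runnable example. This is illustration code, not code from the thread, the DKIM draft, or any DKIM implementation. It performs only the bh= (body hash) check with RFC 6376 "simple" body canonicalization; the RSA signature check and DNS key lookup of a real verifier are left out, the b= value in the constructed headers is a placeholder that is never verified, and MAX_SIGNATURES is an assumed receiver limit, not a value from the specification.

```python
"""Receiver-side DKIM handling sketch (added example, not from the thread).

Only the bh= body-hash check is done; RSA verification and DNS key
retrieval are out of scope.  MAX_SIGNATURES is a hypothetical receiver
limit, not a DKIM specification value.
"""
import base64
import hashlib
import re
from typing import Optional

MAX_SIGNATURES = 3  # hypothetical cap on signatures a receiver will evaluate


def simple_body_canon(body: bytes) -> bytes:
    """RFC 6376 'simple' body canonicalization: CRLF line endings, trailing
    empty lines removed, exactly one CRLF at the end."""
    body = body.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return body


def parse_tags(value: str) -> dict:
    """Parse a DKIM-style 'tag=value; tag=value' list, dropping folding space."""
    tags = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        k, v = part.split("=", 1)
        tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags


def body_hash(body: bytes, length: Optional[int] = None) -> str:
    """bh= value: base64(SHA-256(canonicalized body truncated to l= bytes)).
    An l= larger than the canonicalized body is rejected outright."""
    canon = simple_body_canon(body)
    if length is not None:
        if length > len(canon):
            raise ValueError("l= exceeds canonicalized body length")
        canon = canon[:length]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()


def check_body_hash(sig_value: str, body: bytes) -> bool:
    """True only if the header's bh= matches the body (cut at l= if present)."""
    tags = parse_tags(sig_value)
    if tags.get("a") != "rsa-sha256" or "bh" not in tags:
        return False
    try:
        length = int(tags["l"]) if "l" in tags else None
        return body_hash(body, length) == tags["bh"]
    except ValueError:
        return False


def evaluate(signatures: list, body: bytes, cap: int = MAX_SIGNATURES) -> dict:
    """Return {'outcome': 'none'|'pass'|'fail', 'hashes_computed': n}.
    Each signature evaluated costs one body hash; the cap bounds that cost."""
    if not signatures:
        return {"outcome": "none", "hashes_computed": 0}
    computed = 0
    for sig in signatures[:cap]:
        computed += 1
        if check_body_hash(sig, body):
            return {"outcome": "pass", "hashes_computed": computed}
    return {"outcome": "fail", "hashes_computed": computed}


def handling(outcome: str) -> str:
    """Receiver policy: 'fail' (broken) and 'none' (removed) are the same bucket,
    so stripping a signature buys an attacker nothing over breaking it."""
    return "trusted" if outcome == "pass" else "unauthenticated"


# Constructed sample body; not real mail.
BODY = b"Hello,\n\nPlease review the attached draft.\n\n"


def make_sig(body: bytes, length: Optional[int] = None, bogus: bool = False) -> str:
    """Build a DKIM-Signature value for the sample; b= is a placeholder."""
    bh = body_hash(body, length)
    if bogus:
        bh = "A" * len(bh)  # wrong body hash: a 'broken' signature
    l_tag = f" l={length};" if length is not None else ""
    return (f"v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=sel;"
            f"{l_tag} h=from:subject; bh={bh}; b=MEUCIQ")


def demo() -> dict:
    good = make_sig(BODY)
    missing = evaluate([], BODY)
    broken = evaluate([make_sig(BODY, bogus=True)], BODY)
    # Several signatures with differing l= values, each costing a body hash;
    # the valid one sits beyond the cap and is never reached.
    flood = [make_sig(BODY, length=n, bogus=True) for n in (5, 10, 20)] + [good]
    return {
        "missing": missing,
        "broken": broken,
        "single_good": evaluate([good], BODY),
        "flooded": evaluate(flood, BODY),
        "same_handling": handling(missing["outcome"]) == handling(broken["outcome"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The cap is the trade-off the message points at: with MAX_SIGNATURES in force the flooded message is "fail" after three body hashes even though a valid signature is present, which is what a legitimate mediator stacking signatures would run into; raising the cap restores the pass at the cost of the extra hashing an attacker can force.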