Stephen Farrell wrote:
Michael Thomas wrote:
Stephen Farrell wrote:
Yes, but mucking up a signature is already covered in the
draft whereas totally ditching one isn't.
(Perhaps "forwarder" wasn't the right term - if not, mea
culpa.)
From a threat perspective, the two are identical, right? If a
receiver in any way treats broken signatures different than
missing signatures, an attacker can exploit the preferable
treatment trivially.
Hmm...I guess so. Though the base-01 currently says (end of
page 30) "Separate policies MAY be defined for unsigned
messages, messages with incorrect signatures, and when the
signature cannot be verified."
That sounds like a good discussion when we get back to the -base draft.
I'm convinced that the verifier needs to treat broken signatures as if
they weren't there:
- If broken signatures are seen as better than the lack of a signature,
it's trivial to make one up.
- If broken signatures are seen as worse than the lack of a signature,
it will serve as a disincentive to signing messages: potential signers
might not want to do so if they risk having their messages downgraded if
they pass through an MTA that breaks the signature (or through a mailing
list that does so).
Signature deletion is worth maybe a quick mention in threats
but no more I'd say, unless someone figures out some scenario
where this has more impact.
Agreed. Will do.
-Jim
_______________________________________________
ietf-dkim mailing list
http://dkim.org
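The verifier policy Jim argues for above, as an added example; this is not code from the thread, from the DKIM drafts or from any DKIM implementation. It assumes HMAC-SHA256 under a shared key as a stand-in for DKIM's RSA-SHA256 signing and DNS key lookup, an `X-Sig` header in place of DKIM-Signature, and a simplified canonicalization that is not DKIM's "simple" or "relaxed" algorithm. The message, key and the forged header value are constructed for the demonstration. It runs the four cases the thread raises (intact, broken in transit by a list footer, signature removed, signature fabricated without the key) through both the policy Jim proposes and the lenient policy he warns against.

```python
"""Why a verifier should treat a broken signature exactly like a missing one.

Added example, not code from the ietf-dkim thread or the DKIM drafts.
Assumptions: HMAC-SHA256 with a shared key stands in for DKIM's RSA-SHA256
signing and DNS key lookup; 'X-Sig' stands in for DKIM-Signature; the
canonicalization is simplified and is not DKIM's simple/relaxed algorithm.
"""
import hashlib
import hmac

SIG_HEADER = "X-Sig"                       # stand-in for DKIM-Signature (assumption)
SIGNED_HEADERS = ("From", "To", "Subject") # header fields covered by the signature


def canonicalize(headers: dict, body: str) -> bytes:
    """Simplified canonical form: lowercased header names, collapsed
    whitespace, CRLF line ends, trailing empty body lines removed."""
    parts = [f"{n.lower()}:{' '.join(headers.get(n, '').split())}" for n in SIGNED_HEADERS]
    body_lines = [" ".join(line.split()) for line in body.splitlines()]
    while body_lines and body_lines[-1] == "":
        body_lines.pop()
    return ("\r\n".join(parts) + "\r\n\r\n" + "\r\n".join(body_lines)).encode()


def sign(headers: dict, body: str, key: bytes) -> dict:
    """Return a copy of the headers with a signature header added."""
    tag = hmac.new(key, canonicalize(headers, body), hashlib.sha256).hexdigest()
    signed = dict(headers)
    signed[SIG_HEADER] = f"d=example.org; h={':'.join(SIGNED_HEADERS)}; b={tag}"
    return signed


def verify(headers: dict, body: str, key: bytes) -> str:
    """Return 'none' (no signature header), 'pass', or 'fail'."""
    sig = headers.get(SIG_HEADER)
    if sig is None:
        return "none"
    fields = dict(f.strip().split("=", 1) for f in sig.split(";") if "=" in f)
    expected = hmac.new(key, canonicalize(headers, body), hashlib.sha256).hexdigest()
    return "pass" if hmac.compare_digest(fields.get("b", ""), expected) else "fail"


def disposition(result: str) -> str:
    """The policy argued for in the thread: a broken signature carries exactly
    the weight of no signature, so 'fail' and 'none' collapse to one outcome."""
    return "authenticated" if result == "pass" else "unauthenticated"


def lenient_disposition(result: str) -> str:
    """The policy the thread warns against: a broken signature ranks above a
    missing one. Whatever 'damaged' buys, an attacker gets by attaching junk."""
    return {"pass": "authenticated", "fail": "damaged", "none": "unauthenticated"}[result]


def scenarios(key: bytes = b"constructed-demo-key") -> dict:
    """Verification results for the four cases discussed in the thread."""
    headers = {"From": "alice@example.org", "To": "bob@example.net", "Subject": "hello"}
    body = "Meeting at 10.\r\n"                 # constructed message
    signed = sign(headers, body, key)
    stripped = {k: v for k, v in signed.items() if k != SIG_HEADER}
    forged = {**headers, SIG_HEADER: "d=example.org; h=from:to:subject; b=0000"}
    return {
        "signed_intact": verify(signed, body, key),
        # A mailing list appends a footer: the signature no longer verifies.
        "list_footer": verify(signed, body + "--\r\nlist footer\r\n", key),
        # An attacker (or an MTA) removes the signature header entirely.
        "stripped": verify(stripped, body, key),
        # An attacker without the key fabricates a signature header.
        "forged": verify(forged, body, key),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:14s} {result:5s} strict={disposition(result):15s} "
              f"lenient={lenient_disposition(result)}")
```

Under the strict policy the forged and stripped messages land in the same bucket as each other and as the list-mangled legitimate message, so an attacker gains nothing by adding or removing a signature header; under the lenient policy the forger's junk header is rated "damaged", strictly better than the honest unsigned message, which is the exploit Michael describes.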