ietf-dkim
[Top] [All Lists]

[ietf-dkim] Proposed addition to dkim-threats about hash collisions

2006-03-23 16:17:51
Hi again. At the f2f, I volunteered to write up the threat analysis for when a hash collision attack could be used. This text might be in its own section, or could possibly be woven into 4.1.14.

Hash collision attacks in message signing systems involve the same person creating two different messages that have the same hash value, where only one of the two messages would normally be signed. The attack is based on the second message inheriting the signature of the first. For DKIM, this means that a sender might create a "good" message and a "bad" message, where some filter at the signing party's site would sign the good message but not the bad message. The attacker gets the good message signed, and then incorporates that signature in the bad message. This scenario is not common, but could happen, for example, at a site that does content analysis on messages before signing them.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>