Thanks, Paul. I'll work this in and then run it by you for a quick look
before I push out the revised draft.
-Jim
Paul Hoffman wrote:
Hi again. At the f2f, I volunteered to write up the threat analysis
for when a hash collision attack could be used. This text might be in
its own section, or could possibly be woven into 4.1.14.
Hash collision attacks in message signing systems involve the same
person creating two different messages that have the same hash value,
where only one of the two messages would normally be signed. The
attack is based on the second message inheriting the signature of the
first. For DKIM, this means that a sender might create a "good"
message and a "bad" message, where some filter at the signing party's
site would sign the good message but not the bad message. The attacker
gets the good message signed, and then incorporates that signature in
the bad message. This scenario is not common, but could happen, for
example, at a site that does content analysis on messages before
signing them.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html