ietf-dkim

Re: [ietf-dkim] Comments on draft-ietf-dkim-ssp-requirements-02.txt

2006-10-24 07:15:53


Hallam-Baker, Phillip wrote:
Your restatement of my point misses the point entirely:

IF there is a signature that the recipient can use
I think you mean "IF there was ever a ..."
THEN the recipient should know that there is such a signature
and s/is such a/was ever such a/

But why? The consensus we have now is that the recipient
alone is able to figure what signatures it can use and that
that's enough. You've not explained why this is insufficient
(or I'm just even dumber than usual;-).

If this condition is not met an attacker can perform upgrade and downgrade 
attacks in which the attacker attaches a bogus signature.

What's the problem with this attack that differs from
the attacker just flipping one bit of a real, acceptable
signature? I don't see it.

S.

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html