On Fri, 23 Feb 2007 18:54:24 -0000, Hallam-Baker, Phillip
<pbaker(_at_)verisign(_dot_)com> wrote:
> Legitimate sender advertises key records A, B. Record A describes a
> signature key for a widely supported signature algorithm. Record B
> describes a signature key for a signature algorithm that is not
> generally supported. The sender's signature policy says 'I always sign
> every message'. The sender always signs messages with algorithm A
> (whether algorithm B is used by the legitimate sender as an additional
> algorithm or not does not affect the success of the attack).

Note that this attack also works for minor changes to the way some
signature algorithm is used. For example, B might be a new
canonicalization algorithm introduced because the existing ones were
failing too often due to unanticipated mungings by intermediate sites.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html