ietf-dkim

Re: [ietf-dkim] Broken signatures, was Why mailing lists should strip them

2010-04-30 00:57:16
On 29/Apr/10 01:12, SM wrote:
> The diversity
> of the email environment is such that you cannot come up with a
> "mellowed" canonicalization to cope with every possible change.

Yet, it would seem that by, say, hashing just invariants of binary 
representations of the first entity, e.g. discarding its white space 
and punctuation, one may reach very high percentages of unbroken 
retransmission.

Replay attacks? Spam is also happening. As an email user, I'm not
overly worried about spoofed signatures: They are not legally binding,
and I trust human recipients are able to distinguish fake messages in
case they occur. I'm not easing spammers' job by signing mail, even
though I'd use weaker signatures for increased resiliency. In fact,
the backscatter I get is not signed.

> I would be concerned if my DKIM signatures are re-purposed.  Once
> that gets done, my DKIM signature is of no value except for you to
> direct my messages to the bit bucket.

That would be a rather broken reputation system, if re-purposing 
signatures can stagger it. Such a game can be played with strongly 
signed messages as well: Messages on this list could be used to wreck 
mipassoc's reputation by massively resending them to the general public, 
many of whom would report them as spam.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
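
The trade-off discussed in the message above, as an added example that is not part of the original post or of any DKIM implementation: it compares the body hash under DKIM's standard "relaxed" body canonicalization with a hypothetical `invariant_body` scheme that discards white space and punctuation. The sample bodies are constructed, and the body is assumed to be a single ASCII text entity (selecting the first MIME entity is left out).

```python
import hashlib
import re
import string


def relaxed_body(body: bytes) -> bytes:
    """DKIM 'relaxed' body canonicalization (RFC 6376, section 3.4.4)."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse runs of SP/TAB to one SP, then drop white space at end of line.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # ignore empty lines at end of body
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


# Bytes removed by the hypothetical scheme (an assumption of this example).
_DROP = (string.whitespace + string.punctuation).encode("ascii")


def invariant_body(body: bytes) -> bytes:
    """Hypothetical 'mellowed' scheme: keep only non-space, non-punctuation bytes."""
    return body.translate(None, _DROP)


def body_hash(canon, body: bytes) -> str:
    return hashlib.sha256(canon(body)).hexdigest()


def survives(canon, signed: bytes, received: bytes) -> bool:
    """True if the hash computed at signing still matches what was received."""
    return body_hash(canon, signed) == body_hash(canon, received)


# Constructed sample: the same text before and after a relay re-wraps a line.
ORIGINAL = b"Hello list,\r\n\r\nthe quick brown fox jumps over the lazy dog.\r\n"
REWRAPPED = b"Hello list,\r\n\r\nthe quick brown fox\r\njumps over the lazy dog.\r\n"

# Constructed sample: two bodies that read differently but share their letters.
MEANING_A = b"Ship it? No, wait for review.\r\n"
MEANING_B = b"Ship it! No wait for review.\r\n"

if __name__ == "__main__":
    for name, canon in (("relaxed", relaxed_body), ("invariant", invariant_body)):
        print(name,
              "survives re-wrap:", survives(canon, ORIGINAL, REWRAPPED),
              "| differing texts verify as same:", survives(canon, MEANING_A, MEANING_B))
```

The hypothetical scheme keeps the hash intact across re-wrapping, but it also gives two differently punctuated bodies the same hash, so the signature covers less of what the recipient reads.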
