On 10/13/2010 2:27 PM, Jeff Macdonald wrote:
> DKIM seems to make assurances to message integrity. But it
> doesn't. I think the reason why many think it does is because of the
> body hash. It is trying to do too much. It should just provide an
> identifier that can be verified. Instead of using the body for
> hashing, use the Message-ID header along with the Date header and just
> hash that. That way most folks would understand DKIM is just providing
> an Identifier.
my goodness, but your version of ranting is far too mild and reasonable.
which is not to say i agree with you about tossing out the body hash.
Although DKIM is not trying to "protect" the message, it /is/ trying to reduce
the ability to take a valid use for one message and apply it to an invalid use
with another.
From a mathematical standpoint, your suggestion is quite reasonable, given that
message ids are supposed to be unique, etc. But the question is whether a
verifier can know whether a signature is being replayed -- that is whether it
is being reapplied to a different message.
Verifiers do not track message ids. So they can't detect a new use.
Using the body hash is a convenient hack that is likely to make it nearly
impossible to apply valid use of a DKIM identifier to different content.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
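
The point argued in the reply above, as an added example that is not part of the original message: a signature computed over Message-ID and Date alone still verifies when attached to different content, while one that covers a body hash does not. This is a simplified sketch, not DKIM itself: HMAC with a constructed key stands in for the signer's public-key signature, and the canonicalization, function names and sample message are assumptions.

```python
import hashlib
import hmac

# Constructed stand-in for the signer's key. Real DKIM uses a key pair
# published in DNS; HMAC is used here only to keep the sketch offline.
KEY = b"constructed-demo-key"


def _canon(headers, names):
    """Join the selected header fields in a fixed order (simplified)."""
    return "".join(f"{n.lower()}:{headers[n].strip()}\r\n" for n in names)


def sign_headers_only(headers):
    """The proposal in the quoted text: hash Message-ID and Date only."""
    data = _canon(headers, ["Message-ID", "Date"])
    return hmac.new(KEY, data.encode(), hashlib.sha256).hexdigest()


def sign_with_body_hash(headers, body):
    """Body-hash approach: a digest of the body is part of the signed data."""
    bh = hashlib.sha256(body.encode()).hexdigest()
    data = _canon(headers, ["Message-ID", "Date"]) + f"bh:{bh}\r\n"
    return hmac.new(KEY, data.encode(), hashlib.sha256).hexdigest()


def verify_headers_only(headers, body, sig):
    # body is accepted but never consulted: nothing ties it to the signature
    return hmac.compare_digest(sig, sign_headers_only(headers))


def verify_with_body_hash(headers, body, sig):
    return hmac.compare_digest(sig, sign_with_body_hash(headers, body))


# Constructed sample message
HEADERS = {"Message-ID": "<1234@example.org>",
           "Date": "Wed, 13 Oct 2010 14:27:00 -0400"}
ORIGINAL = "Your invoice is attached.\r\n"
DIFFERENT = "Entirely different content.\r\n"

if __name__ == "__main__":
    s1 = sign_headers_only(HEADERS)
    s2 = sign_with_body_hash(HEADERS, ORIGINAL)
    print("headers-only, original body: ", verify_headers_only(HEADERS, ORIGINAL, s1))
    print("headers-only, different body:", verify_headers_only(HEADERS, DIFFERENT, s1))
    print("body-hash, original body:    ", verify_with_body_hash(HEADERS, ORIGINAL, s2))
    print("body-hash, different body:   ", verify_with_body_hash(HEADERS, DIFFERENT, s2))
```

Because verifiers keep no record of Message-IDs they have already seen, the headers-only variant gives them nothing to distinguish the second case from the first.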