On Wed, Oct 13, 2010 at 2:40 PM, Dave CROCKER <dhc(_at_)dcrocker(_dot_)net>
wrote:
On 10/13/2010 2:27 PM, Jeff Macdonald wrote:
DKIM seems to make assurances to message integrity. But it
doesn't. I think the reason why many think it does is because of the
body hash. It is trying to do to much. It should just provide an
identifier that can be verified. Instead of using the body for
hashing, use the Message-ID header along with the Date header and just
hash that. That way most folks would understand DKIM is just providing
an Identifier.
my goodness, but your version of ranting is far too mild and reasonable.
which is not to say i agree with you about tossing out the body hash.
Although DKIM is not trying to "protect" the message, it /is/ trying to
reduce the ability to take a valid use for one message and apply it to an
invalid use with another.
From a mathematical standpoint, your suggestion is quite reasonable, given
that message ids are supposed to be unique, etc. But the question is
whether a verifying can know whether a signature is being replayed -- that
is whether it is being reapplied to a different message.
Verifiers do not track message ids. So they can't detect a new use.
Using the body hash is a convenient hack that is likely to make it nearly
impossible to apply valid use of a DKIM identifier to different content.
All valid points, but the implementation is being misunderstood. It is
to late for this now, but if the initial criteria included prevent
replay and not use the body, what implementation would of been thought
up instead? No need to answer that, like I said, I was ranting.
--
Jeff Macdonald
Ayer, MA
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html