ietf-dkim

Re: [ietf-dkim] detecting header mutations after signing

2010-10-15 16:04:29

On Oct 15, 2010, at 1:51 PM, MH Michael Hammer (5304) wrote:



-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Bill(_dot_)Oxley(_at_)cox(_dot_)com
Sent: Friday, October 15, 2010 11:59 AM
To: dcrocker(_at_)bbiw(_dot_)net
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] detecting header mutations after signing

Well a broken signature is morally equivalent to unsigned so I'm not
sure of the potential harm...


And this is where I angst. In all the discussions of a broken signature
being morally equivalent to unsigned, the thrust has been that it was
likely broken in transit. We failed to have the discussion of it being
intentionally broken in transit as an attempt to game the system.

How can the system be gamed by breaking a signature in a way
that it can't be by removing the signature? A concrete example
might make it clearer what the concern is.

For header mutations after signing (which are likely to be a malicious
attempt in the specific cases we have been discussing) I feel that
treating it as simply the same as unsigned is ignoring the potential
maliciousness.

Nobody is saying it should be ignored, I don't think. Rather the
bit of code that should be objecting to it is not the DKIM verifier.

Cheers,
  Steve

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
