ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ietf-dkim] Ticket 23 -- l= and Content-type

2011-04-29 13:00:48
from [Dave CROCKER] [Permanent Link] 

Two quick reactions about the first part of the ticket:

    1. This is just a variant of the basic hole created by use of l=

    2. The premise that having the l= go to a multipart boundary somehow 
increases security is simply wrong.  More generally, the idea that one or 
another tidbit might tighten things a bit, l= opens such a huge door, the small 
tidbits don't matter.


As for the second part, with or without Content-Type, messing with the message 
in any interesting way will break the signature.

d/

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] ISSUE: Updating Section 6.5: Recommended Signature Content, Murray S. Kucherawy
Next by Date:  Re: [ietf-dkim] Ticket 23 -- l= and Content-type, Alessandro Vesely
Previous by Thread:  Re: [ietf-dkim] Output summary, John R. Levine
Next by Thread:  Re: [ietf-dkim] Ticket 23 -- l= and Content-type, Alessandro Vesely
Indexes:  [Date] [Thread] [Top] [All Lists]