ietf-mailsig

Re: at last: draft-levine-mass-batv-00

2004-09-07 07:12:52

Tony Finch writes:
> On Tue, 7 Sep 2004, Michael Thomas wrote:
> >
> > To the degree that you don't include original text, is the
> > degree that you are subject to cut and paste attacks.
>
> BATV is not a message data verification system. It simply allows you to
> link a bounce to an original message sent by you. It would suck if the
> link is via a virus or a spammer, but experience suggests that this will
> be very rare in practice because bounce addresses don't get out much.

If I as a spammer simply need to capture a *single* BATV
verification header for, oh say, aol.com and attach whatever
spam content I desire and bounce it through some dupe relay,
that is a *significant* problem. The draft says that this
deserves further investigation. Well, I'm all ears.

> > And I think that things that don't include any of the text should be [...]
>
> BATV is designed to work in the real world not an ideal world.

Something that will allow trivial cut and paste attacks like
this sounds perfectly real world exploitable to me. In
particular, suppose a financial signed all of its mail and
had a posted policy to the effect. Could BATV admit messages
as genuinely from that financial which would violate that
policy? If it's not considering the body, how could it do
otherwise?

           Mike
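
The trade-off argued in this message, as an added example that is not part of the original post or of the BATV draft: a tag that covers only the bounce address verifies whatever content travels with it, while a tag that also covers the body rejects swapped content but cannot be checked on a bounce that returns none of the original text. The tag layout, key, mailbox name and function names are assumptions made for illustration, a simplified stand-in rather than the draft's format.

```python
import hashlib
import hmac
from typing import Optional

KEY = b"constructed-demo-key"  # constructed secret, for this example only


def _mac(*fields: bytes) -> str:
    # Truncated HMAC-SHA256 over the NUL-joined fields.
    return hmac.new(KEY, b"\x00".join(fields), hashlib.sha256).hexdigest()[:16]


def make_tag(mailbox: str, expiry_day: int, body: Optional[bytes] = None) -> str:
    """Tag for a bounce address. With body=None only the address and expiry
    are covered; otherwise a hash of the original body is covered as well."""
    fields = [mailbox.encode(), str(expiry_day).encode()]
    if body is not None:
        fields.append(hashlib.sha256(body).digest())
    return f"{expiry_day}:{_mac(*fields)}"


def verify(mailbox: str, tag: str, today: int,
           returned_body: Optional[bytes] = None, body_bound: bool = False) -> bool:
    """Check the tag on an incoming bounce. returned_body is None when the
    bounce carries none of the original text."""
    day_text, _, mac = tag.partition(":")
    if not (day_text.isascii() and day_text.isdigit()) or today > int(day_text):
        return False  # malformed or expired
    fields = [mailbox.encode(), day_text.encode()]
    if body_bound:
        if returned_body is None:
            return False  # nothing to check the content binding against
        fields.append(hashlib.sha256(returned_body).digest())
    return hmac.compare_digest(mac.encode(), _mac(*fields).encode())


if __name__ == "__main__":
    original, swapped = b"original message text", b"different content"  # constructed
    loose = make_tag("mike", 20)
    bound = make_tag("mike", 20, original)
    print("address-only, swapped body:", verify("mike", loose, 10, swapped))
    print("body-bound, swapped body:  ", verify("mike", bound, 10, swapped, True))
    print("body-bound, no body in DSN:", verify("mike", bound, 10, None, True))
```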

