ietf-mailsig

Re: Ramblings on RFC2822 signatures.

2004-09-18 11:37:39

On Sat, 18 Sep 2004, David Woodhouse wrote:

> Let's separate canonicalisation and permissiveness. Canonicalisation
> means stuff like undoing base64 encoding, converting charsets to UTF-8,
> folding whitespace in _headers_ and maybe most of text/html (outside
> <PRE>, etc) but not in text/plain.

And these canonicalisation problems are not easy to deal with, unfortunately.
But I also found that almost all conversion of messages (especially more
serious ones like charset conversion, etc) occurs at the time of message
delivery to the final recipient. That means if we require the MDA to verify
the signature prior to doing these conversions, we're mostly ok. But things
like base64 conversions are more common by intermediate remailers and
do have to be dealt with.

> The bit with allowing the addition of lines -- or at least being able to
> tell that the signed part is still valid despite the addition of lines
> (I didn't say that/when the recipient had to _allow_ it) -- is
> permissiveness, and that's what seems to be needed to allow most of the
> attacks in the field guide you reference.

It would be the MUA that needs to identify the part that is signed and that
references a certain identity, and the part that was not signed in the same way.
And I think this can be implemented in a way so that even an ordinary
luser will see that a forgery is being attempted.

Additionally there are other ways to protect from having one signed
email reused inappropriately. That includes embedding the message id and
timestamp of the message as part of the signature, as well as having the
public key that is used expire, etc.

> Speaking personally, I'm most concerned about the additions by mailing
> lists, and on text/plain MIME parts.

Exactly.

> I would be more than happy to allow _no_ permissiveness on text/html
> parts. Because an attacker could start with '<-- ' and end with ' -->'
> followed by a line or two of their own text, and still have a tiny
> percentage of 'addition'.

Agreed. One fully created MIME part should stay the way it is.
But it should be possible to add new MIME parts (text or html) to an email
message without disturbing the original signature (i.e. it should
still be possible to verify that signature by any consecutive system).

---
William Leibzon, Elan Networks:
 mailto: william(_at_)elan(_dot_)net
Anti-Spam Research Worksite:
 http://www.elan.net/~william/asrg/
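As an added illustration of the split discussed in this message (canonicalise headers and transfer encoding, leave text/plain bytes alone, bind Message-ID and Date into the signature, and let a list append a separate MIME part rather than editing the signed one), here is a small Python model. It is not code from the thread; it uses an HMAC with a constructed key where a real scheme would use a public-key signature, and the headers and body are constructed samples.

```python
import base64, hashlib, hmac, re

# Constructed demo key; a real scheme would use a public-key signature.
DEMO_KEY = b"constructed-demo-secret"

def canon_header(name, value):
    # Headers: lowercase the name, unfold and collapse whitespace runs.
    return name.lower() + ":" + re.sub(r"\s+", " ", value).strip()

def canon_body(part):
    # Undo base64 from a remailer; never fold whitespace in text/plain.
    body = part["body"]
    if part.get("cte", "").lower() == "base64":
        body = base64.b64decode(body)
    return body

def sign(headers, part, key=DEMO_KEY):
    # Message-ID and Date sit among the signed headers, so a signed
    # part cannot be reused in another message undetected.
    h = hashlib.sha256()
    for name, value in headers:
        h.update(canon_header(name, value).encode() + b"\n")
    h.update(canon_body(part))
    return hmac.new(key, h.digest(), hashlib.sha256).hexdigest()

def verify(headers, part, sig, key=DEMO_KEY):
    return hmac.compare_digest(sign(headers, part, key), sig)

# Constructed sample: signed headers plus one text/plain part.
HEADERS = [("From", "alice@example.org"), ("Message-ID", "<1234@example.org>"),
           ("Date", "Sat, 18 Sep 2004 11:37:39 -0700"),
           ("Subject", "Re: Ramblings on\r\n RFC2822 signatures.")]
PART = {"cte": "7bit", "body": b"Hello,\r\n  two  spaces kept.\r\n"}
SIG = sign(HEADERS, PART)

def remailer_base64_verifies():
    # Remailer re-encodes the part as base64 and unfolds the Subject.
    relayed = {"cte": "base64", "body": base64.b64encode(PART["body"])}
    refolded = [(n, v.replace("\r\n ", " ")) for n, v in HEADERS]
    return verify(refolded, relayed, SIG)

def footer_inside_signed_part_verifies():
    # A list footer appended inside the signed text/plain part.
    tampered = dict(PART, body=PART["body"] + b"-- \r\nlist footer\r\n")
    return verify(HEADERS, tampered, SIG)

def footer_as_new_part_verifies():
    # The same footer added as a separate MIME part; signed part intact.
    parts = [PART, {"cte": "7bit", "body": b"-- \r\nlist footer\r\n"}]
    return verify(HEADERS, parts[0], SIG)
```

The base64 relay and the separately appended part both verify; the footer written into the signed text/plain part does not.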

