ietf-mailsig
[Top] [All Lists]

Re: CircleID on DomainKeys

2004-10-27 08:04:37

Andrew Newton wrote:

http://www.circleid.com/article/791_0_1_0_C/

-andy


I agree with Yakov Shafranovich's comment. DomainKeys is a good system, but some changes shall be done.

Either way, no signing system is able to work on a piece of text if someone wants to move strings inside without any restriction, unless verifying software is designed to try all possible combinations of strings permutations inside the text. 8-(

This means - there are two possible ways to solve this :

- no changes on signed part of the message are allowed

- domainKeys headers shall be include some indication on what
  was signed and with what order.

Best

Jose-Marcio

--
 ---------------------------------------------------------------
 Jose Marcio MARTINS DA CRUZ           Tel. :(33) 01.40.51.93.41
 Ecole des Mines de Paris              http://j-chkmail.ensmp.fr
 60, bd Saint Michel                http://www.ensmp.fr/~martins
 75272 - PARIS CEDEX 06      
mailto:Jose-Marcio(_dot_)Martins(_at_)ensmp(_dot_)fr


<Prev in Thread] Current Thread [Next in Thread>