Andrew Newton wrote:
http://www.circleid.com/article/791_0_1_0_C/
-andy
I agree with Yakov Shafranovich's comment. DomainKeys is a good system, but some
changes shall be made.
Either way, no signing system is able to work on a piece of text if someone
wants to move strings inside without any restriction, unless the verifying software
is designed to try all possible combinations of string permutations inside the
text. 8-(
This means there are two possible ways to solve this:
- no changes on the signed part of the message are allowed
- DomainKeys headers shall include some indication of what
  was signed and in what order.
Best
Jose-Marcio
--
---------------------------------------------------------------
Jose Marcio MARTINS DA CRUZ Tel. :(33) 01.40.51.93.41
Ecole des Mines de Paris http://j-chkmail.ensmp.fr
60, bd Saint Michel http://www.ensmp.fr/~martins
75272 - PARIS CEDEX 06
mailto:Jose-Marcio(_dot_)Martins(_at_)ensmp(_dot_)fr
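
The second option in the message above, sketched as an added example that is not part of the original post or of any DomainKeys implementation: the signature carries an ordered list of the headers it covers, so the verifier rebuilds the signed text from that list instead of trying permutations. Assumptions: an HMAC stands in for the public-key signature, the `h`/`b` field names and all header values are constructed for illustration, and duplicate header names are not handled.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: HMAC key stands in for the signing key pair

# Constructed sample headers, in the order the sender emitted them.
SENT = [
    ("From", "alice@example.org"),
    ("To", "bob@example.net"),
    ("Subject", "quarterly report"),
    ("Date", "Mon, 01 Nov 2004 10:00:00 +0100"),
]
# The same message after a relay prepended a header and reordered the rest.
RELAYED = [("Received", "from relay.example.net"), SENT[3], SENT[0], SENT[2], SENT[1]]
# A copy whose signed Subject was altered in transit.
TAMPERED = [SENT[0], SENT[1], ("Subject", "quarterly report (edited)"), SENT[3]]


def mac(lines):
    return hmac.new(KEY, "\r\n".join(lines).encode(), hashlib.sha256).hexdigest()


def sign_as_found(headers):
    """No indication of what was signed: cover every header in message order."""
    return mac(f"{name.lower()}:{value.strip()}" for name, value in headers)


def verify_as_found(headers, signature):
    return hmac.compare_digest(signature, sign_as_found(headers))


def sign_listed(headers, names):
    """Cover only the named headers, in the listed order, and publish that list."""
    found = {name.lower(): value.strip() for name, value in headers}
    order = [name.lower() for name in names]
    return {"h": ":".join(order), "b": mac(f"{n}:{found[n]}" for n in order)}


def verify_listed(headers, signature):
    found = {name.lower(): value.strip() for name, value in headers}
    order = signature["h"].split(":")
    if any(n not in found for n in order):
        return False  # a signed header was removed
    return hmac.compare_digest(signature["b"], mac(f"{n}:{found[n]}" for n in order))


if __name__ == "__main__":
    listed = sign_listed(SENT, ["From", "To", "Subject", "Date"])
    print(verify_as_found(RELAYED, sign_as_found(SENT)))
    print(verify_listed(RELAYED, listed), verify_listed(TAMPERED, listed))
```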