ietf-mailsig

Re: CircleID on DomainKeys

2004-10-27 13:00:55


David Woodhouse writes:
On Wed, 2004-10-27 at 17:04 +0200, Jose Marcio Martins da Cruz wrote:
Either way, no signing system is able to work on a piece of text if someone
wants to move strings inside without any restriction, unless verifying software
is designed to try all possible combinations of strings permutations inside the
text. 8-(

You don't have to 'try all possible combinations'. You just sign the
thing in a way which isn't dependent on the ordering. The ordering of
headers doesn't _matter_ in general, so it isn't useful to make your
signature depend on them.

agreed!   (apart from Received headers.   but I can't see that
being usefully exploitable as a spam vector in a replay attack.)

The real problem with DK is that it doesn't survive existing mailing
lists though -- it is common practice to add a few lines to the bottom
of a mail as it's sent to a list, and that practice isn't going to
change any time soon. We really need to use an algorithm which allows
the recipient to locate the original content and verify it, rather than
just breaking. 

I think that has to be considered a fundamental requirement of our final
solution -- it _can't_ break with existing mailing lists. It _must_ be
possible to deploy it and actually start using it to reject mail,
without losing valid mail.

Another issue -- mailing-list munging of the body results in a
"signature-check failed" condition, one which is indistinguishable from a
spammer attempting a replay attack.

--j.
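
An added example, not part of the original message and not the DomainKeys algorithm: a sketch of the two properties discussed above, a header digest that ignores ordering (with Received left unsigned) and a body check that covers only the sender's original bytes so an appended list footer does not break it. The HMAC with a constructed demo key stands in for a real public-key signature, and all names and sample data are assumptions.

```python
import hashlib
import hmac

DEMO_KEY = b"constructed-demo-key"          # assumption: stand-in for a signing key
SIGNED = ("from", "to", "subject", "date")  # Received is left out: its order matters

def header_digest(headers):
    """Hash the signed headers as a sorted multiset, so reordering is harmless."""
    canon = sorted(
        f"{name.strip().lower()}:{' '.join(value.split())}"
        for name, value in headers
        if name.strip().lower() in SIGNED
    )
    return hashlib.sha256("\n".join(canon).encode()).digest()

def sign(headers, body):
    """Return (covered_length, tag) for the message as the sender wrote it."""
    n = len(body)
    mac = hmac.new(DEMO_KEY, header_digest(headers), hashlib.sha256)
    mac.update(n.to_bytes(8, "big") + hashlib.sha256(body).digest())
    return n, mac.hexdigest()

def verify(headers, body, covered, tag):
    """Return (ok, verified_prefix, unsigned_tail)."""
    if covered > len(body):
        return False, b"", body
    prefix, tail = body[:covered], body[covered:]
    mac = hmac.new(DEMO_KEY, header_digest(headers), hashlib.sha256)
    mac.update(covered.to_bytes(8, "big") + hashlib.sha256(prefix).digest())
    ok = hmac.compare_digest(mac.hexdigest(), tag)
    return ok, (prefix if ok else b""), tail

# Constructed sample message and list footer.
HEADERS = [("From", "alice@example.org"), ("To", "list@example.net"),
           ("Subject", "Hello   list"),
           ("Date", "Wed, 27 Oct 2004 17:04:00 +0200")]
BODY = b"Original text.\r\n"
FOOTER = b"-- \r\nfooter added by the list server\r\n"

def demo():
    """Sign at the sender, then verify after a list reorders headers and appends."""
    covered, tag = sign(HEADERS, BODY)
    relayed = [("Received", "from list.example.net")] + HEADERS[::-1]
    return verify(relayed, BODY + FOOTER, covered, tag)
```

Only the returned prefix is authenticated; the tail is whatever a relay or anyone else appended, so a receiver should treat it as unsigned content rather than as part of the verified message.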

