At 03:57 PM 11/1/2004 -0800, Paul Lambert wrote:
> If a mailing list adds a trailer, it needs to re-sign the message. It's
> now effectively the originator having added new content. If this type
> of modification is ignored, malicious trailers can be added to the
> messages that could include: ads, solicitations, pleas for help
> transferring money, etc.
>
> Whitespace and simple transformations can be worked around and a
> signature can be preserved. Trailers cannot be supported without
> re-signing.

The decision to accept an added trailer is really mutual consent of both the
signer and verifier. If the signer doesn't want to allow messages with added
trailers to be accepted, (in IIM) they make the body length count -1, which
means "sign all the data". If the recipient doesn't want to accept added
trailers, they can just ignore the body count, or can check to see if the count
matches the actual size of the (canonicalized) body. Either party can decide
to be more strict.

I agree that mailing lists should re-sign messages. But I expect that it will
take quite a while before that happens, and in the meanwhile, I want the
original signature to work wherever possible.
-Jim
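
The body-count policy described in the reply above, as an added sketch that is not part of the original message and is not IIM's own code. Assumptions: the `canonicalize` routine is a simple stand-in rather than IIM's canonicalization, a bare SHA-256 digest stands in for the signed value, and all function names and sample bodies are constructed for illustration.

```python
import hashlib

SIGN_ALL = -1  # from the message: a body count of -1 means "sign all the data"

def canonicalize(body: bytes) -> bytes:
    # Assumed stand-in canonicalization: CRLF line endings, trailing
    # whitespace stripped per line, trailing empty lines dropped.
    lines = [ln.rstrip() for ln in body.replace(b"\r\n", b"\n").split(b"\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def sign_body(body: bytes, sign_all: bool = False):
    # Signer side: returns (body count, digest). In a real scheme the count
    # and digest would themselves be covered by the signature.
    canon = canonicalize(body)
    count = SIGN_ALL if sign_all else len(canon)
    return count, hashlib.sha256(canon).hexdigest()

def verify_body(body: bytes, count: int, digest: str,
                accept_trailers: bool = True) -> str:
    # Verifier side: hash only the covered prefix, then apply local policy
    # to any canonicalized data that follows it.
    canon = canonicalize(body)
    if count == SIGN_ALL:
        covered = canon                      # signer refused trailers
    elif 0 <= count <= len(canon):
        covered = canon[:count]
    else:
        return "fail"                        # body shorter than signed length
    if hashlib.sha256(covered).hexdigest() != digest:
        return "fail"
    if len(covered) < len(canon):            # unsigned data after the count
        return "pass-unsigned-trailer" if accept_trailers else "fail"
    return "pass"

if __name__ == "__main__":
    original = b"Hello list,\nsee you Friday.\n"                # constructed
    relayed = original + b"--\nList footer (constructed)\n"      # trailer added
    count, digest = sign_body(original)
    print(verify_body(relayed, count, digest))                   # lenient verifier
    print(verify_body(relayed, count, digest, accept_trailers=False))
    print(verify_body(relayed, *sign_body(original, sign_all=True)))
```

A verifier that accepts the trailer should still treat everything past the count as unsigned content when presenting the message.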