ietf-mailsig

Re: MASS plus Sender-ID

2004-11-21 14:08:06



Tony Finch writes:
> On Sat, 20 Nov 2004, Hallam-Baker, Phillip wrote:
> > Signature:
> >     Can provide a qualified 'success' that is subject to a replay attack
> > for certain senders.
>
> Why do you think replay of entire messages is a problem?
>
> Or are you concerned with attacks based on the canonicalization algorithm,
> which might allow an attacker to add content to a previous message? This
> is a message modification attack rather than a replay attack (to use the
> terminology in RFC 3552).

Yes, very important to differentiate the two. The latter is much
more usefully exploitable to spammers and more likely to occur.

--j.
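An added illustration of the replay versus message-modification distinction discussed in this thread (not code from any poster or from a mail-signing proposal): a toy HMAC signer with a hypothetical length-limited canonicalization, showing that a seen-ID cache flags a verbatim replay while only full-body coverage rejects appended content. The key, message IDs, function names and message text are all constructed for the example.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; stands in for the signer's secret

def canon_full(body: bytes) -> bytes:
    """Normalise line endings and trailing whitespace; covers the whole body."""
    lines = [ln.rstrip() for ln in body.replace(b"\r\n", b"\n").split(b"\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"\n".join(lines)

def _mac(msg_id: bytes, length, body: bytes) -> str:
    # Hypothetical lax mode: when `length` is set, only that many canonical
    # bytes are covered, so anything after them is unsigned.
    data = canon_full(body) if length is None else canon_full(body)[:length]
    covered = msg_id + b"|" + str(length).encode() + b"|" + data
    return hmac.new(KEY, covered, hashlib.sha256).hexdigest()

def sign(msg_id: bytes, body: bytes, length=None) -> dict:
    return {"id": msg_id, "len": length, "mac": _mac(msg_id, length, body)}

def verify(sig: dict, body: bytes, seen_ids: set) -> str:
    """Return 'fail', 'replay' (valid but already seen here) or 'pass'."""
    if not hmac.compare_digest(_mac(sig["id"], sig["len"], body), sig["mac"]):
        return "fail"
    if sig["id"] in seen_ids:
        return "replay"
    seen_ids.add(sig["id"])
    return "pass"

# Constructed sample messages.
ORIGINAL = b"Meeting moved to 3pm.\r\n"
MODIFIED = ORIGINAL + b"Constructed text appended after signing.\r\n"

if __name__ == "__main__":
    full = sign(b"<1@example.org>", ORIGINAL)
    lax = sign(b"<2@example.org>", ORIGINAL, length=len(canon_full(ORIGINAL)))
    cache = set()
    print(verify(full, ORIGINAL, cache))   # first delivery
    print(verify(full, ORIGINAL, cache))   # verbatim replay, same receiver
    print(verify(full, MODIFIED, set()))   # modification vs. full coverage
    print(verify(lax, MODIFIED, set()))    # modification vs. prefix coverage
```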

