-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tony Finch writes:
> On Sat, 20 Nov 2004, Hallam-Baker, Phillip wrote:
> > Signature:
> > Can provide a qualified 'success' that is subject to a replay attack
> > for certain senders.
>
> Why do you think replay of entire messages is a problem?
>
> Or are you concerned with attacks based on the canonicalization algorithm,
> which might allow an attacker to add content to a previous message? This
> is a message modification attack rather than a replay attack (to use the
> terminology in RFC 3552).

Yes, very important to differentiate the two. The latter is much
more usefully exploitable to spammers and more likely to occur.
- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFBoQOEMJF5cimLx9ARAoiuAKCgrMBoemPzKb0kwY71VsHOPapybgCfWUCK
tFw6SqIFv8DWEo9nmkDK0xo=
=yRWn
-----END PGP SIGNATURE-----