On Tue, 11 Jan 2005, Douglas Otis wrote:
On Tue, 2005-01-11 at 11:53, Sam Hartman wrote:
I'd like to go farther: why are we signing the body? We're trying to
prevent spam not modification of existing mail messages. I think that
canonicalizing headers may be challenging enough; do we really need to
solve the problem of canonicalizing bodies on top of this.
Capture of a signed header would allow attaching a message as a vehicle
to carry spam.
For example, you can do this with on-line mailing list archives. The
replay attack problem is very serious. The BATV and SES groups have
discussed it in some detail and have generally agreed that the only sure
way to protect against it is with full message data signatures.
It might be sufficient to sign the recipient, date and message-id (or
some other nonce) and to keep a cache of recently seen signatures.
There would be a sizable dynamic database to support this type of
filtering effort. Some replay should still be allowed. Would this
filter include a hash of the message body? If so, why not have this
done at the sender?
How do you know how many legitimate copies there are? How do you allow for
legitimate delays?
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
WEST NORTHERN SECTION: IN NORTH, NORTH 5 TO 7, OCCASIONALLY GALE 8 IN EAST,
BECOMING CYCLONIC 5 OR 6. SNOW SHOWERS. GOOD FALLING POOR IN SHOWERS. MODERATE
ICING IN NORTHEAST AT FIRST. IN SOUTH, WEST OR NORTHWEST 6 TO GALE 8,
DECREASING 5 OR 6, THEN BACKING SOUTHEAST 5 TO 7 IN SOUTHWEST LATER. WINTRY
SHOWERS. GOOD FALLING MODERATE OR POOR IN SHOWERS.