"Tony" == Tony Finch <dot(_at_)dotat(_dot_)at> writes:
Tony> On Tue, 11 Jan 2005, Douglas Otis wrote:
>> On Tue, 2005-01-11 at 11:53, Sam Hartman wrote:
>>
>> > I'd like to go farther: why are we signing the body? We're
>> trying to > prevent spam not modification of existing mail
>> messages. I think that > canonicalizing headers may be
>> challenging enough; do we really need to > solve the problem of
>> canonicalizing bodies on top of this.
>>
>> Capture of a signed header would allow attaching a message as a
>> vehicle to carry spam.
Tony> For example, you can do this with on-line mailing list
Tony> archives. The replay attack problem is very serious. The
Tony> BATV and SES groups have discussed it in some detail and
Tony> have generally agreed that the only sure way to protect
Tony> against it is with full message data signatures.
I understand you can get headers to replay. It seems that defining a
largish replay window (say 30 days) and keeping enough information to
uniquely identify a message from this replay window is an option worth
considering.
Yes, it has space requirements for the receiver. So does storing
messages on a POP or IMAP server or for the backing store for a
webmail application. Ultimately for many receivers, mail does get
stored for a while.
--Sam