On Wed, 2005-02-02 at 16:12 -0800, Jim Fenton wrote:
> Thomas Roessler wrote:
> > There seem to be two security-relevant vulnerabilities in
> > draft-fenton-identified-mail-01.txt.
> >
> > 1. MIME. When a site sends e-mail with the body length count
> > different from -1, then an attacker can change the message's
> > "Content-Type" header to "multipart/mixed" with a boundary parameter
> > that occurs nowhere in the message's body. The attacker can then
> > proceed to append a valid MIME multipart body to the message without
> > invalidating the IIM signature. According to section 5.5.1 of RFC
> > 2046, receiving agents will have to ignore the original signed
> > message's content, and display only the material appended by the
> > attacker.
> >
> > One cure to this attack would consist in using multipart/signed
> > messages, as PGP/MIME and S/MIME do.
>
> That's very interesting; this is the first I have heard of this
> vulnerability.
>
> It occurs to me that requiring the signing of the Content-Type header
> would address this problem. Do you think so?
One solution would be to remove all content not included within the
signature before allowing a message to pass. There are issues
surrounding other fields as well, whether this is improving upon the DK
header tagging, or the approach used by IIM. These checks should be
seen as diagnostics. When used to "recover" a message however, any
content detected as having been added MUST be removed. This would
encourage mailing lists to leave signed messages alone, or add their own
signature. It would also prevent these types of concerns.
-Doug
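As an added illustration of the thread above (example code, not from the IIM draft or from any of the posters), the Python sketch below models a signature that covers a fixed body length count, then shows the two responses discussed: Jim's suggestion of covering the Content-Type header, and Doug's suggestion of stripping everything the signature did not cover before the message is parsed. Assumptions: an HMAC with a shared demo key stands in for the real public-key signature, bare "\n" line endings replace RFC 2822's CRLF, the tag names `h`/`l`/`sig` and all message text are constructed for the demo, and Python's `email` module plays the role of the receiving agent that decides what gets displayed.

```python
import hashlib
import hmac
from email import message_from_string

# Constructed demo secret: HMAC stands in for the draft's public-key signature so that
# only the question "what does the signature cover?" is visible here.
KEY = b"demo-signing-key"


def split(msg_text):
    """Split a message into (header block, body); "\n" line endings for simplicity."""
    head, _, body = msg_text.partition("\n\n")
    return head, body


def header_lines(head, names):
    """Return the 'Name: value' line for each listed header (first occurrence wins)."""
    lines = head.split("\n")
    out = []
    for name in names:
        for line in lines:
            if line.lower().startswith(name.lower() + ":"):
                out.append(line)
                break
    return out


def sign(msg_text, signed_headers, body_len=None):
    """Sign the listed headers plus the first body_len bytes of the body.
    The returned dict stands in for the signature header's tags (h=, l=, signature)."""
    head, body = split(msg_text)
    if body_len is None:
        body_len = len(body)
    data = "\n".join(header_lines(head, signed_headers)) + "\n" + body[:body_len]
    mac = hmac.new(KEY, data.encode(), hashlib.sha256).hexdigest()
    return {"h": signed_headers, "l": body_len, "sig": mac}


def verify(msg_text, sig):
    """Verifier exactly as signed: only the first l body bytes are checked, so anything
    appended after them leaves the signature valid."""
    head, body = split(msg_text)
    data = "\n".join(header_lines(head, sig["h"])) + "\n" + body[:sig["l"]]
    mac = hmac.new(KEY, data.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, sig["sig"])


def recover(msg_text, sig):
    """Doug's mitigation: after verification, drop every body byte the signature did not
    cover, so appended MIME parts never reach the parser that picks what to display."""
    head, body = split(msg_text)
    return head + "\n\n" + body[:sig["l"]]


def displayed_text(msg_text):
    """What a MIME-aware reader shows: the text/plain content, or for multipart the first
    text/plain part (the preamble before the first boundary is never displayed)."""
    msg = message_from_string(msg_text)
    if msg.is_multipart():
        for part in msg.walk():
            if part.get_content_type() == "text/plain":
                return part.get_payload().strip()
        return ""
    return msg.get_payload().strip()


# Constructed sample message as the sender signs it.
ORIGINAL = (
    "From: alice@example.com\n"
    "To: bob@example.com\n"
    "Subject: invoice\n"
    "Content-Type: text/plain\n"
    "\n"
    "Please pay invoice 42 by Friday.\n"
)

# Constructed in-transit modification of the kind the thread describes: Content-Type is
# rewritten to multipart/mixed with a boundary absent from the signed body, and a valid
# multipart body is appended after the signed bytes.
TAMPERED = ORIGINAL.replace(
    "Content-Type: text/plain", 'Content-Type: multipart/mixed; boundary="zz"'
) + (
    "--zz\n"
    "Content-Type: text/plain\n"
    "\n"
    "This text was appended after signing.\n"
    "--zz--\n"
)


def demo():
    """Run the three verifier variants over the sample messages and return the outcomes."""
    weak = sign(ORIGINAL, ["From", "To", "Subject"])               # Content-Type unsigned
    strong = sign(ORIGINAL, ["From", "To", "Subject", "Content-Type"])  # Jim's fix
    return {
        "original_accepted_weak": verify(ORIGINAL, weak),
        "tampered_accepted_weak": verify(TAMPERED, weak),      # True: the hole
        "tampered_accepted_strong": verify(TAMPERED, strong),  # False: header change caught
        "original_display": displayed_text(ORIGINAL),
        "tampered_display": displayed_text(TAMPERED),          # reader shows appended part
        "recovered_display": displayed_text(recover(TAMPERED, weak)),  # Doug's fix
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The two fixes are complementary: covering Content-Type makes the modified message fail verification outright, while truncating to the signed length makes whatever does get displayed match what was signed even when a verifier is lenient about unsigned headers. In the recovered message the multipart boundary is never found, so the parser records a defect and falls back to showing the signed text rather than the appended part.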