ietf-mailsig

Re: nowsp considered harmful

2005-07-20 08:37:57



Thomas Roessler wrote:
> On 2005-07-20 07:25:28 -0700, Michael Thomas wrote:
>
>> One can also delete everything appended as is recommended in the
>> draft.
>
> That would take care of the "adding new content" part, which is
> indeed made possible by l=.  (And not dissimilar to a known problem
> with IIM.)
>
>> This really has nothing to do with nowsp.
>
> The first step of the manipulation was to make changes to the MIME
> structure that were canonicalized away by nowsp -- hence rendering
> parts of the signed message invisible without breaking the
> signature.
>
> Instead of messing with boundaries, an attacker could also fold an
> entire MIME body part's content, or maybe just part of that content,
> into a couple of MIME headers, leaving back an empty body, or making
> part of the original content invisible.

So what I've seen, it's gone from a malicious insertion attack
to a vandalism attack. The first could lead to fraud. What does
the second lead to? If there's no potential for money, my guess
is not very far.

> Or one could insert an empty line in front of a content-type header,
> turning an HTML body part into a text/plain one.  (Do that on a
> large scale with a legitimate, DKIM-signed HTML message from some
> large financial institution, and see how their helpdesk reacts to
> it.)

Huh? This would break the signature. In any case, banks are
poster children for users who should use simple.

> I wouldn't be surprised if there were more interactions between MIME
> and nowsp.
>
> Basically, there is a lot of structure in MIME messages that
> actually depends on where whitespace and line breaks are in the
> message body. nowsp canonicalizes that structure away, and opens the
> door for manipulations.

Likewise, there are a lot of things that innocently mangle messages
in transit. This is a tradeoff. Things that really, really want
assurance that their message is not tampered with should use
simple.

                Mike
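The interaction the thread argues about, as an added example that is not part of the original messages: a constructed two-part message is compared with a copy that has one empty line inserted before the part's Content-Type header, and the body hash a verifier would compute is checked under both canonicalizations. It assumes nowsp strips every SP, HTAB, CR and LF from the body and simple only collapses trailing empty lines (my reading of the draft), and uses a bare SHA-256 over the canonicalized body as a stand-in for the signed body hash.

```python
import hashlib
from email import message_from_string
from email.policy import default

def nowsp_body(body: str) -> str:
    """nowsp canonicalization (assumed): strip every SP, HTAB, CR and LF."""
    return "".join(ch for ch in body if ch not in " \t\r\n")

def simple_body(body: str) -> str:
    """simple canonicalization (assumed): body unchanged, trailing empty lines become one CRLF."""
    return body.rstrip("\r\n") + "\r\n"

def body_hash(canon, body: str) -> str:
    """Hex digest a verifier would compute over the canonicalized body."""
    return hashlib.sha256(canon(body).encode()).hexdigest()

def split_body(raw: str) -> str:
    """Return the message body: everything after the first blank line."""
    return raw.split("\r\n\r\n", 1)[1]

def first_part_content_type(raw: str) -> str:
    """What a MIME-aware client believes the first body part is."""
    return message_from_string(raw, policy=default).get_payload(0).get_content_type()

HEADERS = ('MIME-Version: 1.0\r\n'
           'Content-Type: multipart/alternative; boundary="b1"\r\n\r\n')
PART_BODY = '<html><body>Your statement is ready.</body></html>\r\n'

# Constructed sample as the signer sent it: one text/html part.
SIGNED = HEADERS + '--b1\r\nContent-Type: text/html\r\n\r\n' + PART_BODY + '--b1--\r\n'
# Same bytes with one empty line inserted before the part's Content-Type header,
# which pushes that header into the part body (the change discussed in the thread).
MANGLED = HEADERS + '--b1\r\n\r\nContent-Type: text/html\r\n\r\n' + PART_BODY + '--b1--\r\n'

def hashes_match(canon) -> bool:
    """True when the canonicalized body hashes of both messages are identical."""
    return body_hash(canon, split_body(SIGNED)) == body_hash(canon, split_body(MANGLED))

if __name__ == "__main__":
    print("nowsp  hashes equal:", hashes_match(nowsp_body))   # True: change is invisible
    print("simple hashes equal:", hashes_match(simple_body))  # False: simple detects it
    print("client sees:", first_part_content_type(SIGNED), "->", first_part_content_type(MANGLED))
```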


