Re: DKIM: Canonicalization



On Wed, 20 Jul 2005, Arvel Hathcock wrote:

Because each signature data needs to be unique based on hash of themessage.
I see, so the headers would not provide a sufficient level of uniqueness inthemselves.

Not for purposes of dealing with replay attacks. You simply take existingmessage header for already received email, add your Resent- fields (if atall) and send it back with new content.

Same as with BATV/SES - you take somebody elses BATV/SES signature(harvested from mail list archive perhaps) and use it in your email

and bounces go the listed address.

If you attach time stamp, then you can reasonable reject the message if say
the signature is 5 days old, but it still leaves those 5 days to reuse the
message signature in another message and this would be used by resourceful
attackers.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net

<Prev in Thread]	Current Thread	[Next in Thread>
Goldilocks Canonicalization, (continued) Goldilocks Canonicalization, Michael Thomas Re: Goldilocks Canonicalization, Douglas Otis Re: Goldilocks Canonicalization, Arvel Hathcock Re: DKIM: Canonicalization, william(at)elan.net Re: DKIM: Canonicalization, Earl Hood Re: DKIM: Canonicalization, Jon Callas Re: DKIM: Canonicalization, Earl Hood Re: DKIM: Canonicalization, Arvel Hathcock Re: DKIM: Canonicalization, william(at)elan.net Re: DKIM: Canonicalization, Arvel Hathcock Re: DKIM: Canonicalization, william(at)elan.net <= Re: DKIM: Canonicalization, Douglas Otis Re: DKIM: Canonicalization, Arvel Hathcock

Previous by Date:	Re: DKIM x= Signature Expiration - Domain Expiration Required?, Michael Thomas
Next by Date:	Re: DKIM o=$ Outbound Signing Policy Suggestion, Jim Fenton
Previous by Thread:	Re: DKIM: Canonicalization, Arvel Hathcock
Next by Thread:	Re: DKIM: Canonicalization, Douglas Otis
Indexes:	[Date] [Thread] [Top] [All Lists]