ietf-mailsig

Re: nowsp considered harmful

2005-07-22 14:33:16

I've already heard several proposed solutions on this list that I think would fix the problem adequately, so I'm hesitant to suggest another, but...

Another approach would be to bite the bullet on MIME-awareness, but in a minimalistic way -- all that a DKIM-aware program would have to know is how to recognize the multipart boundaries, i.e. to read the "boundary" parameter and detect the boundary lines, both of which are doable as part of the same single pass that computes the signature. Signing software would modify the input to the hash algorithm in some way (e.g. pretending there's a 255 octet) at each point where it recognizes the END of the MIME boundary lines. Signature checking software would do the same, so that moving a MIME boundary would break the signature, effectively pre-empting any MIME-based attack I have yet heard of.

However, I'm reasonably happy with any of the proposed solutions; it's clearly a solvable problem.

A side note: I absolutely can't bring myself to care if DKIM is vulnerable to "vandalism" in the form of corrupting sabotage of real messages, because there's no money in it for the vandal. Nearly every protocol on the Internet is subject to horrific vandalism in the form of DOS attacks. Why worry more about it here? -- Nathaniel
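The boundary-marker idea from the message above, as an added example that is not part of the original message or of any DKIM draft: it compares a whitespace-stripping body hash with one that also feeds a 255 octet into the hash after each MIME boundary line. Assumptions: SHA-256 as the hash, body-only hashing, top-level boundaries only, and the constructed sample message and function names.

```python
import email
import hashlib
import re

MARKER = b"\xff"  # the "255 octet"; assumed absent from the body itself (7bit content)

def split_message(raw: bytes):
    """Return (body, boundary) using the Content-Type "boundary" parameter."""
    boundary = email.message_from_bytes(raw).get_boundary()
    if boundary is None:
        raise ValueError("not a multipart message")
    return raw.partition(b"\r\n\r\n")[2], boundary.encode("ascii")

def is_boundary_line(line: bytes, boundary: bytes) -> bool:
    """True for "--boundary" or "--boundary--" starting in column 0."""
    delim = b"--" + boundary
    return line.rstrip(b" \t\r\n") in (delim, delim + b"--")

def nowsp_hash(body: bytes) -> str:
    """Body hash after deleting all whitespace, line breaks included."""
    return hashlib.sha256(re.sub(rb"\s+", b"", body)).hexdigest()

def boundary_aware_hash(body: bytes, boundary: bytes) -> str:
    """Same whitespace removal, one pass, plus MARKER after each boundary line."""
    h = hashlib.sha256()
    for line in body.split(b"\n"):
        h.update(re.sub(rb"\s+", b"", line))
        if is_boundary_line(line, boundary):
            h.update(MARKER)
    return h.hexdigest()

# Constructed sample: RAW_ALTERED differs from RAW_SIGNED only in whitespace,
# but its closing delimiter no longer starts a line, so MIME parsing changes.
RAW_SIGNED = (b'Content-Type: multipart/mixed; boundary="XYZ"\r\n\r\n'
              b"--XYZ\r\nContent-Type: text/plain\r\n\r\nhello\r\n--XYZ--\r\n")
RAW_ALTERED = RAW_SIGNED.replace(b"hello\r\n--XYZ--", b"hello --XYZ--")

if __name__ == "__main__":
    signed, bnd = split_message(RAW_SIGNED)
    altered, _ = split_message(RAW_ALTERED)
    print("nowsp hashes equal:         ", nowsp_hash(signed) == nowsp_hash(altered))
    print("boundary-aware hashes equal:", boundary_aware_hash(signed, bnd) == boundary_aware_hash(altered, bnd))
```

The marker only disambiguates if 0xFF cannot otherwise occur in the hashed stream; a body carrying 8-bit data would need a different escape.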

