Re: DoS and Replay protection for message signatures



On Fri, 5 Aug 2005, Douglas Otis wrote:

If the signature fails, there is no need to compute the hash
of the body.

The separate hash of the body also allows for limited verification
of a message when the body data is not available.


This sounds like a good idea, but how would you sign the hash
used to develop the signature?


META-Signatures does it, see its specs on how.

Perhaps as a diagnostic, a simple checksum of the body couldbe placed within the signature to confirm the body has been altered


"l" field is also this kind of diagnostic tool. Actually that is exactly
what Content-Digest draft says in regards to its "s" parameter:

"Number of bytes (octet count) in the canonicalized data (as used for
 computing hash digest) can optionally be included in the "s" parameter.
 This is primarily informational field and can be used during digest
 header verification as way to determine if content had been modified.
 If the number in "s" does not match the number of bytes of the
 canonicalized digest being verified then verifying system SHOULD abort
 the processing and can choose to report an extended error indicating
 that content has been changed and size does not match"

could be a reason the signature has failed. I like the idea of dropping thebody hash into the signature header, but this seems to demand two separatesignatures and this would be bad.


It does not demand separate signature. Properly it should be done with
separate header field (which is NOT same as separate signature field).

This is in fact good as for example when message is resigned this fieldis reused and in such a way referenced by multiple signatures which savesspace in header and verifier system processing time.

Normally DKIM does not confirm the local-part of an email address. DKIMverifies a domain that could be compared against various mailbox-domains.

I think this is bad. I believe the system should specify exactly whichmailbox address field it is authorizing and furthermore the signing system

if it received message from authenticated user should indicate that (in
such a way while you do not have direct authentication of the email address,
you have indirect one from the signing system).

---
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net

<Prev in Thread]	Current Thread	[Next in Thread>
DoS and Replay protection for message signatures, Douglas Otis Re: DoS and Replay protection for message signatures, Tony Finch Re: DoS and Replay protection for message signatures, Douglas Otis Re: DoS and Replay protection for message signatures, Arvel Hathcock Re: DoS and Replay protection for message signatures, Earl Hood Re: DoS and Replay protection for message signatures, Douglas Otis Re: DoS and Replay protection for message signatures, william(at)elan.net <= Re: DoS and Replay protection for message signatures, Earl Hood Re: DoS and Replay protection for message signatures, Earl Hood [ietf-dkim] Re: DoS and Replay protection for message signatures, Douglas Otis [ietf-dkim] Re: DoS and Replay protection for message signatures, Earl Hood RE: DoS and Replay protection for message signatures, Hallam-Baker, Phillip

Previous by Date:	Re: DoS and Replay protection for message signatures, Douglas Otis
Next by Date:	Re: ] Replay attacks and ISP business models, Andrew Newton
Previous by Thread:	Re: DoS and Replay protection for message signatures, Douglas Otis
Next by Thread:	Re: DoS and Replay protection for message signatures, Earl Hood
Indexes:	[Date] [Thread] [Top] [All Lists]