Re: Extra header fields

            Content-Type: multipart/signed;
        
            --Signed Message
            Content-Type: text/plain
            Note: please send refunded monies to Jeff Thompson
        
            We have returned item #4425 for full refund.
        
            --Signed Message
            Content-Type: application/signature
        
            <pemsig>
            --Signed Message--

        The recipient may look at the original cleartext version of the
        message and see the note to divert the refunded money.  The PEM
        application will indicate that the signature is valid since the
        signed text has not been altered.  Is this a security problem?
        Some possibilities:

        A. It is not a problem since the MIME agent will process the
        formatted message before the user sees it and only display the
        signed text.  (But then why did the MIME standard go to the
        trouble of making unprocessed messages readable?)

According to the latest draft of the "Security Multiparts for MIME"
document, the headers:

            Content-Type: text/plain
            Note: please send refunded monies to Jeff Thompson

are included in the signature calculation.  If the message had been
encrypted, they would have been included in the encrypted text (and thus
unrecognizable to all but a valid recipient).

When we wrote the security multiparts specification for MIME we
explicitly included the headers in the signature calculation for just
this reason.

Therefore, none of the remaining options:

        B. The MIME agent should "beep real loud" when it comes across
        unrecognized header fields.  (This makes it hard to use experimental
        or new fields.)

        C. It is serious enough that unrecognized fields should be disallowed.

        D. Designing the standard to allow casual inspection of secured
        messages is a Bad Idea. (Perhaps the message text should always be
        base64 encoded.)

are necessary.

A still relevant question is what should a MIME agent display to a user.
In principle, the MIME agent should only display the content to the
user, not the headers.  Thus, the header:

            Note: please send refunded monies to Jeff Thompson

would normally not be displayed to the user.  However, this question
more precisely belongs on the ietf-822(_at_)dimacs(_dot_)rutgers(_dot_)edu 
mailing list.

Jim

binpeH7pyPlcf.bin
Description: application/pem-signature

<Prev in Thread]	Current Thread	[Next in Thread>
Extra header fields, Jeff Thompson Re: Extra header fields, Stephen D Crocker Re: Extra header fields, Jeffrey I. Schiller Re: Extra header fields, Philip Zimmermann Re: Extra header fields, James M Galvin <= Re: Extra header fields, Dave Crocker Re: Extra header fields, Stephen D Crocker Re: Extra header fields, Jeff Thompson Re: Extra header fields, Mark S Feldman

Previous by Date:	Re: Presentation Image, Jeffrey I. Schiller
Next by Date:	Presentation image, peace
Previous by Thread:	Re: Extra header fields, Philip Zimmermann
Next by Thread:	Re: Extra header fields, Dave Crocker
Indexes:	[Date] [Thread] [Top] [All Lists]