Re: Extra header fields


James Galvin notes that MIME/PEM specifies that the MIME headers in
the signed portion of a message are included in the digital signature
and can't be tampered with.  Since the discussion in this thread is
all very relevant, let me revise my example to show that the problem
is still there:

    Content-Type: multipart/signed; protocol="pem"; hashalg="md5";
      boundary="Signed Message"
    Note: please send refunded monies to Jeff Thompson

    --Signed Message
    Content-Type: text/plain

    We have returned item #4425 for full refund.

    --Signed Message
    Content-Type: application/signature

    <pemsig>
    --Signed Message--

<Prev in Thread]	Current Thread	[Next in Thread>
Extra header fields, Jeff Thompson Re: Extra header fields, Stephen D Crocker Re: Extra header fields, Jeffrey I. Schiller Re: Extra header fields, Philip Zimmermann Re: Extra header fields, James M Galvin Re: Extra header fields, Dave Crocker Re: Extra header fields, Stephen D Crocker Re: Extra header fields, Jeff Thompson <= Re: Extra header fields, Mark S Feldman

Previous by Date:	Re: Presentation image, Theodore Ts'o
Next by Date:	Re: Extra header fields, Mark S Feldman
Previous by Thread:	Re: Extra header fields, Stephen D Crocker
Next by Thread:	Re: Extra header fields, Mark S Feldman
Indexes:	[Date] [Thread] [Top] [All Lists]