On Wed, Feb 25, 2004 at 06:12:37PM +0000, David Woodhouse wrote:
|
| On verification you take the first N lines of the body, calculate the
| checksum. If it doesn't match, you add the next line into the checksum,
| and remove the first (that's why it's this type of checksum, so that's
| nice and easy). When you get a match on the cheaper checksum, you check
| the strong hash. If that fails, keep looking for a checksum match.
|
| In this way you handle crap being added at the beginning and the end of
| the mail. You just get to make a local policy decision about how _much_
| crap you'll tolerate, that's all.
|
That opens the door to replay attacks where only the URL is changed.
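
The sliding-window verification described in the quoted text, as an added example that is not part of the original thread. The per-line Adler-32 sum stands in for the "cheaper checksum", SHA-256 for the strong hash, and all function names, the `max_skip` policy parameter and the sample messages are assumptions constructed for illustration.

```python
import hashlib
import zlib

MOD = 1 << 32

def weak(line):
    # Per-line value; the window checksum is the sum of these, so one
    # line can be added and one removed without rescanning the window.
    return zlib.adler32(line.encode())

def strong(lines):
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

def sign(lines):
    """Signer side: cover exactly these N body lines."""
    return {"n": len(lines), "weak": sum(map(weak, lines)) % MOD,
            "strong": strong(lines)}

def verify(body, sig, max_skip):
    """Return (lines_before, lines_after) left outside the signed window,
    or None if no window within max_skip leading lines verifies."""
    n = sig["n"]
    if len(body) < n:
        return None
    rolling = sum(map(weak, body[:n])) % MOD
    for start in range(min(max_skip, len(body) - n) + 1):
        if start:
            # Slide by one line: remove the first, add the next.
            rolling = (rolling - weak(body[start - 1])
                       + weak(body[start + n - 1])) % MOD
        # Cheap check first; the strong hash runs only on a weak match.
        if rolling == sig["weak"] and strong(body[start:start + n]) == sig["strong"]:
            return start, len(body) - n - start
    return None

# Constructed sample messages.
signed = ["Hello list,", "The meeting is moved to Friday.", "-- ", "Alice"]
sig = sign(signed)
relayed = signed + ["_______", "list footer"]            # footer appended
wrapped = ["Visit http://unsigned.example/ today", ""] + signed  # lines prepended
tampered = [l.replace("Friday", "Monday") for l in signed]
```

`verify(wrapped, sig, 5)` succeeds and reports two leading lines that the signature does not cover, which is the case the reply is concerned with; the returned counts are what a verifier would apply its local policy to.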