spf-discuss

RE: Ignoring rejected mail?

2004-12-01 12:06:47
On Wed, 2004-12-01 at 18:43 +0000, Mark wrote:
> As irony would have it, though, the SES added "digest of the message,
> which fully prevents an attacker from being able to re-use an existing
> reverse-path with a new message," introduces a type of 'redistribution'
> issue, not unlike the 'forwarding' problem the SES proponents so vocally
> decry. Namely, where mailing lists/ISPs add their own little message
> banner/Anti-Virus blurb.

When mailing lists do it they change the reverse-path so it's fine.
When mail servers do it, they need to do it before the signature is
generated, or after the signature is checked. I'm not aware of anyone
doing such a thing in transit. 

> The trick for SES will be to keep things
> sufficiently 'fuzzy', yet strict enough for the digest to be of any
> relevance.

That's a problem that the RFC2822 schemes which work with
message-signing have unless they want to validate only the 'most recent'
RFC2822 identity which is basically the same as validating the RFC2821
MAIL FROM anyway. It shouldn't be necessary for an RFC2821 identity for
the reasons above.

-- 
dwmw2
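
The effect discussed in this message, as an added example that is not part of the original post or of the SES proposal: a simplified signed reverse-path that carries a body digest and an HMAC over it. The `SES=digest=mac=addr` layout, the key and the sample bodies are constructed for illustration and are not the actual SES wire format.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"                    # constructed; held by the sending domain
ORIGINAL = b"Hello list,\r\nsee you Friday.\r\n"    # constructed sample body
BANNER = b"-- \r\nScanned by ExampleAV\r\n"         # constructed banner/anti-virus blurb


def body_digest(body: bytes) -> str:
    """Short digest of the message body, carried in the reverse-path."""
    return hashlib.sha256(body).hexdigest()[:16]


def sign_reverse_path(addr: str, body: bytes) -> str:
    """Build SES=<digest>=<mac>=<addr> (hypothetical layout, see lead-in)."""
    digest = body_digest(body)
    mac = hmac.new(SECRET, f"{addr}|{digest}".encode(), hashlib.sha256).hexdigest()[:16]
    return f"SES={digest}={mac}={addr}"


def verify(reverse_path: str, body: bytes) -> str:
    """Return 'ok', 'bad-signature' or 'body-mismatch'."""
    try:
        tag, digest, mac, addr = reverse_path.split("=", 3)
    except ValueError:
        return "bad-signature"
    if tag != "SES":
        return "bad-signature"
    expected = hmac.new(SECRET, f"{addr}|{digest}".encode(), hashlib.sha256).hexdigest()[:16]
    if not hmac.compare_digest(mac, expected):
        return "bad-signature"        # digest or address was altered or forged
    if not hmac.compare_digest(digest, body_digest(body)):
        return "body-mismatch"        # genuine path, but not for this body
    return "ok"


def demo() -> dict:
    path = sign_reverse_path("mark@example.org", ORIGINAL)
    signed_late = sign_reverse_path("mark@example.org", ORIGINAL + BANNER)
    return {
        "unchanged": verify(path, ORIGINAL),
        "reused_with_new_message": verify(path, b"Buy now!\r\n"),
        "banner_added_in_transit": verify(path, ORIGINAL + BANNER),
        "banner_added_before_signing": verify(signed_late, ORIGINAL + BANNER),
    }


if __name__ == "__main__":
    print(demo())
```

The verifier returns the same `body-mismatch` for a reused reverse-path and for a banner added in transit, which is why any body change has to happen before the signature is generated or after it is checked.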

