[ietf-dkim] one more comment I forgot...

Jim Fenton fenton at cisco.com
Thu Jan 12 13:51:25 PST 2006


Stephen Farrell wrote:

>
>
> Michael Thomas wrote:
>
>> Stephen Farrell wrote:
>>
>>> Yes, but mucking up a signature is already covered in the
>>> draft whereas totally ditching one isn't.
>>>
>>> (Perhaps "forwarder" wasn't the right term - if not, mea
>>> culpa.)
>>
>>
>> From a threat perspective, the two are identical, right? If a
>> receiver in any way treats broken signatures differently than
>> missing signatures, an attacker can exploit the preferable
>> treatment trivially.
>
>
> Hmm...I guess so. Though the base-01 currently says (end of
> page 30) "Separate policies MAY be defined for unsigned
> messages, messages with incorrect signatures, and when the
> signature cannot be verified."

That sounds like a good discussion when we get back to the -base draft.

I'm convinced that the verifier needs to treat broken signatures as if
they weren't there:

- If broken signatures are seen as better than the lack of a signature,
it's trivial to make one up.

- If broken signatures are seen as worse than the lack of a signature,
it will serve as a disincentive to signing messages:  potential signers
might not want to do so if they risk having their messages downgraded if
they pass through an MTA that breaks the signature (or through a mailing
list that does so).

>
> Signature deletion is worth maybe a quick mention in threats
> but no more I'd say, unless someone figures out some scenario
> where this has more impact.

Agreed.  Will do.

-Jim
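
The two bullet points in the message above, worked through as an added example (not part of the original post or of any DKIM draft): three receiver policies are checked against the two failure cases the message names. The numeric scores, the `Message` type and the policy function names are assumptions made for illustration; the per-signature results are constructed inputs, not the output of real verification.

```python
from dataclasses import dataclass

# Per-signature verification outcomes a verifier would hand to local policy.
PASS, BROKEN = "pass", "broken"

@dataclass(frozen=True)
class Message:
    name: str
    sig_results: tuple  # one entry per signature header; () means unsigned

def policy_broken_is_better(msg):
    """Flawed: any signature header, even a failing one, earns credit."""
    if PASS in msg.sig_results:
        return 2
    return 1 if msg.sig_results else 0

def policy_broken_is_worse(msg):
    """Flawed: a failing signature scores below unsigned mail."""
    if PASS in msg.sig_results:
        return 2
    return -1 if BROKEN in msg.sig_results else 0

def policy_broken_is_absent(msg):
    """Position argued above: discard failing signatures before deciding."""
    valid = [r for r in msg.sig_results if r == PASS]
    return 2 if valid else 0

# Constructed sample messages (hypothetical scores: higher is better treatment).
UNSIGNED = Message("unsigned", ())
MADE_UP = Message("unsigned plus a made-up signature", (BROKEN,))
LIST_BROKEN = Message("signed, broken by a mailing list", (BROKEN,))
INTACT = Message("signed, intact", (PASS,))

def audit(policy):
    """List which of the two problems from the message a policy exhibits."""
    problems = []
    if policy(MADE_UP) > policy(UNSIGNED):
        problems.append("made-up signature is rewarded")
    if policy(LIST_BROKEN) < policy(UNSIGNED):
        problems.append("signer is penalised for in-transit breakage")
    return problems

if __name__ == "__main__":
    for p in (policy_broken_is_better, policy_broken_is_worse,
              policy_broken_is_absent):
        print(f"{p.__name__}: {audit(p) or 'no problems'}")
```

Only the policy that drops failing signatures before scoring passes both checks, since the verifier cannot tell a made-up signature from one broken in transit.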

