From: Jose M. M. da C. <Jos...@en...> - 2004-07-27 08:23:56
Murray S. Kucherawy wrote:
> On Mon, 26 Jul 2004, SM wrote:
>
> dk-milter 0.1.15 has a canonicalization method that enumerates which
> headers were included in the canonicalization. Order of headers is
> recorded, so canonicalization is symmetric on both sides even if the
> signed headers get reordered or headers get appended. The method is
> called "headerlist" and is based on discussions going on on the "dsig"
> mailing list. We're discussing some revisions to it, but it's pretty
> close to where we appear to be converging on the list.
>
> Some of the discussion at the moment involves whether or not Bcc: should
> be included since it can be altered or even removed en route, and whether
> or not either From: or Sender: should be a required header.

..

> No canonicalization can really deal with modifications to the body.
> S/MIME has the same problems with MLMs that tack on headers and footers
> without doing proper MIME wrapping.

I agree. If DomainKeys is accepted as a standard or becomes an RFC, other
packages shall be aware of that. So, if some network node changes the body
or some header included in the body, the signature is broken and shall be
re-signed.

DomainKeys has a big advantage over S/MIME, as DomainKeys also signs some
headers. Signing the headers prevents replaying the message and
repudiation, as the From header is included.

You can't have the best of all worlds without imposing some restriction on
how the message is handled by all intermediate MTAs, MLMs, MUAs...

I think we're on the right way. But maybe something which could be
included is the signature timestamp. But this should be included in a
header in the canonicalization process (before signing) to avoid being
modified. This is interesting, but not absolutely necessary.

-- 
 ---------------------------------------------------------------
 Jose Marcio MARTINS DA CRUZ           Tel. :(33) 01.40.51.93.41
 Ecole des Mines de Paris              http://j-chkmail.ensmp.fr
 60, bd Saint Michel                   http://www.ensmp.fr/~martins
 75272 - PARIS CEDEX 06                mailto:Jos...@en...
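
The header-list idea discussed in the message above, as an added example that is not part of the original thread and is not dk-milter's code: the signer records which headers it covered and in what order, and the verifier rebuilds the same input by name. A SHA-256 digest stands in for the RSA signature, and the `X-Sig-Timestamp` header name, the canonical form and the sample message are constructed assumptions.

```python
import hashlib

def canonical_digest(headers, body, header_list):
    """Digest the listed headers, in the signer's recorded order, then the body.

    headers: (name, value) pairs in the order they arrived.
    header_list: header names the signer recorded (assumed format).
    """
    h = hashlib.sha256()
    for name in header_list:
        # Look each header up by name, so on-the-wire order does not matter.
        # Simplification: the first occurrence of a name is used.
        values = [v for n, v in headers if n.lower() == name.lower()]
        if not values:
            raise ValueError("signed header missing: " + name)
        h.update((name.lower() + ":" + values[0].strip() + "\r\n").encode())
    h.update(b"\r\n" + body.encode())
    return h.hexdigest()

def sign(headers, body, header_list):
    # SHA-256 stands in for the RSA signature a real signer would produce.
    return {"h": list(header_list),
            "digest": canonical_digest(headers, body, header_list)}

def verify(headers, body, sig):
    try:
        return canonical_digest(headers, body, sig["h"]) == sig["digest"]
    except ValueError:
        return False

# Constructed sample message; X-Sig-Timestamp is a hypothetical header name.
HEADERS = [("From", "alice@example.org"), ("To", "list@example.net"),
           ("Subject", "hello"), ("X-Sig-Timestamp", "1090915200")]
BODY = "Hello list.\r\n"
SIG = sign(HEADERS, BODY, ["From", "To", "Subject", "X-Sig-Timestamp"])

def demo():
    relayed = [("Received", "from mx.example.net")] + HEADERS[::-1] \
              + [("X-Loop", "list@example.net")]
    restamped = [(n, "1091000000" if n == "X-Sig-Timestamp" else v)
                 for n, v in HEADERS]
    no_from = [(n, v) for n, v in HEADERS if n != "From"]
    return {
        "reordered_and_appended": verify(relayed, BODY, SIG),
        "footer_added_to_body": verify(HEADERS, BODY + "-- \r\nlist footer\r\n", SIG),
        "timestamp_altered": verify(restamped, BODY, SIG),
        "from_removed": verify(no_from, BODY, SIG),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(case, "->", "verifies" if ok else "fails")
```

Only the reordered-and-appended case verifies; a footer added to the body, a changed timestamp header, or a removed From header each change the digest input and fail.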