From: Jose M. M. da C. <Jos...@en...> - 2004-08-30 20:15:19
Hello,

I was thinking about ways of replaying DK-signed messages. I found three ways. I checked this on Mozilla under Linux.

Suppose Murray sends me a message:

    ...
    DomainKey-Signature: some signature
    From: Murray
    To: Jose-Marcio
    Date: some date
    ...

1. Adding a "Cc: Thom"

    ...
    Cc: Thom
    DomainKey-Signature: some signature
    From: Murray
    To: Jose-Marcio
    Date: some date
    ...

   The result on usual MUAs is obvious.

2. Adding a "To: Thom"

    ...
    To: Thom
    DomainKey-Signature: some signature
    From: Murray
    To: Jose-Marcio
    Date: some date
    ...

   Mozilla shows the To header as:

    To: Thom, Jose-Marcio

3. Adding a "From: Thom"

    ...
    From: Thom
    DomainKey-Signature: some signature
    From: Murray
    To: Jose-Marcio
    Date: some date
    ...

   Mozilla shows Thom as being the sender, instead of Murray.

Surely, there may be combinations of all this.

It seems to me that the verifying dk-filter shall verify whether some headers were added after the message was signed, mainly all headers specifying recipients and sender.

Best

Jose-Marcio

--
---------------------------------------------------------------
Jose Marcio MARTINS DA CRUZ      Tel. :(33) 01.40.51.93.41
Ecole des Mines de Paris         http://j-chkmail.ensmp.fr
60, bd Saint Michel              http://www.ensmp.fr/~martins
75272 - PARIS CEDEX 06           mailto:Jos...@en...
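A sketch of the check proposed in the message above, as an added example that is not part of the original post and not dk-filter code: it flags sender and recipient headers that sit above the DomainKey-Signature header (assumed, as in the three cases, to be outside what the signature covers) or that occur more than once. The function name, the header set and the sample messages are constructed for illustration.

```python
from email.parser import HeaderParser

# Headers naming the sender or the recipients (assumed set for this example).
IDENTITY_HEADERS = {"from", "sender", "to", "cc"}
SIG_HEADER = "domainkey-signature"


def audit_headers(raw_message):
    """Return (kind, header, detail) findings for a raw RFC 822 message."""
    headers = HeaderParser().parsestr(raw_message, headersonly=True).items()
    names = [name.lower() for name, _ in headers]
    if SIG_HEADER not in names:
        return [("no-signature", SIG_HEADER, "")]

    # Use the topmost signature: anything above it is covered by no signature
    # (assumption of this example, matching the cases in the post).
    sig_pos = names.index(SIG_HEADER)
    findings = []
    for name, value in headers[:sig_pos]:
        if name.lower() in IDENTITY_HEADERS:
            findings.append(("above-signature", name, value))

    # A repeated sender/recipient header is suspicious wherever it sits,
    # because MUAs may merge the copies or display only the first one.
    for key in sorted(IDENTITY_HEADERS):
        if names.count(key) > 1:
            findings.append(("duplicate", key, str(names.count(key))))
    return findings


# Constructed sample messages mirroring the original and cases 1-3.
ORIGINAL = (
    "DomainKey-Signature: some signature\n"
    "From: Murray\n"
    "To: Jose-Marcio\n"
    "Date: some date\n"
    "\n"
    "body\n"
)
CASE_CC = "Cc: Thom\n" + ORIGINAL
CASE_TO = "To: Thom\n" + ORIGINAL
CASE_FROM = "From: Thom\n" + ORIGINAL

if __name__ == "__main__":
    for label, msg in [("original", ORIGINAL), ("1", CASE_CC),
                       ("2", CASE_TO), ("3", CASE_FROM)]:
        print(label, audit_headers(msg))
```

A verifier could treat any finding as grounds to fail or downgrade the result, or show only the headers found below the signature.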