Menu
▾
▴
Trying to replay dk signed messages
|
From: Jose M. M. da C. <Jos...@en...> - 2004-08-30 20:15:19
|
Hello,
I was thinking on ways to replaying dk signed messages.
I found three ways. I checked this on Mozilla under Linux.
Suppose Murray sends me a message :
...
DomainKey-Signature: some signature
From: Murray
To: Jose-Marcio
Date: some date
...
1. Adding a "Cc: Thom"
...
Cc: Thom
DomainKey-Signature: some signature
From: Murray
To: Jose-Marcio
Date: some date
...
The result on usual MUAs is obvious.
2. Adding a "To: Thom"
...
To: Thom
DomainKey-Signature: some signature
From: Murray
To: Jose-Marcio
Date: some date
...
mozilla shows To header as :
To: Thom, Jose-Marcio
3. Adding a "From: Thom"
...
From: Thom
DomainKey-Signature: some signature
From: Murray
To: Jose-Marcio
Date: some date
...
Mozilla shows Thom as being the sender, instead of Murray.
Surely, there may be combinations of all this.
It seems to me that verifying dk-filter shall verify if some
of headers were added after the message was signed, mainly all
headers specifying recipients and sender.
Best
Jose-Marcio
--
---------------------------------------------------------------
Jose Marcio MARTINS DA CRUZ Tel. :(33) 01.40.51.93.41
Ecole des Mines de Paris http://j-chkmail.ensmp.fr
60, bd Saint Michel http://www.ensmp.fr/~martins
75272 - PARIS CEDEX 06 mailto:Jos...@en...
|