Stephen Farrell wrote: > > > Michael Thomas wrote: > >> Stephen Farrell wrote: >> >>> Yes, but mucking up a signature is already covered in the >>> draft whereas totally ditching one isn't. >>> >>> (Perhaps "forwarder" wasn't the right term - if not, mea >>> culpa.) >> >> >> From a threat perspective, the two are identical, right? If a >> receiver in any way treats broken signatures different than >> missing signatures, an attacker can exploit the preferable >> treatment trivially. > > > Hmm...I guess so. Though the base-01 currently says (end of > page 30) "Separate policies MAY be defined for unsigned > messages, messages with incorrect signatures, and when the > signature cannot be verified."
That sounds like a good discussion when we get back to the -base draft. I'm convinced that the verifier needs to treat broken signatures as if they weren't there: - If broken signatures are seen as better than the lack of a signature, it's trivial to make one up. - If broken signatures are seen as worse than the lack of a signature, it will serve as a disincentive to signing messages: potential signers might not want to do so if they risk having their messages downgraded if they pass through an MTA that breaks the signature (or through a mailing list that does so). > > Signature deletion is worth maybe a quick mention in threats > but no more I'd say, unless someone figures out some scenario > where this has more impact. Agreed. Will do. -Jim _______________________________________________ ietf-dkim mailing list http://dkim.org
