Thanks, Paul. I'll work this in and then run it by you for a quick look before I push out the revised draft.
-Jim Paul Hoffman wrote: > Hi again. At the f2f, I volunteered to write up the threat analysis > for when a hash collision attack could be used. This text might be in > its own section, or could possibly be woven into 4.1.14. > > Hash collision attacks in message signing systems involve the same > person creating two different messages that have the same hash value, > where only one of the two messages would normally be signed. The > attack is based on the second message inheriting the signature of the > first. For DKIM, this means that a sender might create a "good" > message and a "bad" message, where some filter at the signing party's > site would sign the good message but not the bad message. The attacker > gets the good message signed, and then incorporates that signature in > the bad message. This scenario is not common, but could happen, for > example, at a site that does content analysis on messages before > signing them. > _______________________________________________ > NOTE WELL: This list operates according to > http://mipassoc.org/dkim/ietf-list-rules.html > _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
