On Thu, 19 Aug 2004, SM wrote:

> >Furthermore, DomainKeys is trivially defeated with a replay attack.
> >Send yourself the spam through the signing server. Now you have a signed
> >spam that you can re-mail far and wide. Of course, you can't mutate it,
> >which might increase the effectiveness of DCC and the like, but it still
> >means you can't *really* trust a properly-signed message.
>
> The Received headers are also signed. This prevents a replay attack.

Not true. Only the Received: headers after the signature are signed.
Additional Received: headers can be added before the signature (and if
you think about it, this *must* be allowed for any mail at all to get
through. You can't sign unknown received headers that will be added at
each hop.)

Regards,

David.
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
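The header coverage discussed in this message, as an added example that is not part of the original post or of any DomainKeys implementation: a verifier that checks only the headers below the signature header accepts a message with extra Received: lines above it, and rejects changes to signed headers or the body. Assumptions: an HMAC stands in for the RSA signature, canonicalization is omitted, and all names and sample values are constructed.

```python
import hashlib
import hmac

# Assumption: shared demo key; real DomainKeys signs with an RSA private key.
KEY = b"constructed-demo-key"
SIG = "DomainKey-Signature"

def _digest(headers, body):
    """MAC over the given header lines and the body (no canonicalization)."""
    data = "\r\n".join(f"{k}: {v}" for k, v in headers) + "\r\n\r\n" + body
    return hmac.new(KEY, data.encode(), hashlib.sha256).hexdigest()

def sign(headers, body):
    """Prepend a signature header covering every header present at signing time."""
    return [(SIG, _digest(headers, body))] + headers

def verify(headers, body):
    """Check the signature against only the headers that follow it."""
    for i, (name, value) in enumerate(headers):
        if name == SIG:
            return hmac.compare_digest(value, _digest(headers[i + 1:], body))
    return False  # no signature header found

# Constructed sample message.
BODY = "constructed sample body\r\n"
ORIGINAL = [
    ("Received", "from client.example by signer.example"),
    ("From", "sender@signer.example"),
    ("Subject", "constructed sample"),
]

def demo():
    signed = sign(ORIGINAL, BODY)
    # A later hop adds its own Received: line above the signature.
    relayed = [("Received", "from signer.example by mx.other.example")] + signed
    # A header below the signature is changed after signing.
    tampered = [signed[0], signed[1], ("From", "someone@else.example"), signed[3]]
    return {
        "as_signed": verify(signed, BODY),
        "received_prepended": verify(relayed, BODY),
        "signed_header_changed": verify(tampered, BODY),
        "body_changed": verify(signed, BODY + "extra"),
    }

if __name__ == "__main__":
    print(demo())
```

A passing result therefore says the signed headers and body are unchanged since signing; it says nothing about the hops recorded above the signature.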

