On Wed, Feb 12, 2003 at 04:30:14PM -0700, Jason R. Mastaler wrote:
>A possible "hole" exists when someone finds one of your messages, and
>sends you a new message with those same headers, but a different
>body. It will get delivered since the fingerprint verification will
>succeed.
>
>To close this hole, you'd probably have to maintain a database of
>already verified fingerprints, and refuse to accept a fingerprint
>which is in there.
Hmmm... what if tmda-fingerprint required that "date" be one of the fields
included in FINGERPRINT. Then I could add a configuration variable.
Maybe FINGERPRINT_EXPIRE that defaulted to 1d (or something reasonable).
If date is part of FINGERPRINT, then I can verify whether or not it's
been messed with. And if it hasn't been messed with I can assign a
lifetime to the fingerprint.
In which case, there would be three outcomes:
X-TMDA-Fingerprint-Match: Yes
X-TMDA-Fingerprint-Match: Expired
X-TMDA-Fingerprint-Match: No
Where:
"Yes" means the fingerprint matched and was not expired
"Expired" means the fingerprint matched but was expired
"No" means the fingerprint did not match
This would allow me to not have to maintain a database.
Do you think this would close the "hole"?
Cheers,
- Mark
_________________________________________________
tmda-workers mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-workers
