Oops...

On Fri, Feb 14, 2003 at 08:18:22AM -0500, Mark Horn wrote:
> X-TMDA-Fingerprint: oicCLcYvGpG9HeO1mBneqsR+rOI
[ ... ]
> X-TMDA-Fingerprint: oicCLcYvGpG9HeO1mBneqsR+rOI
[ ... ]
> X-TMDA-Fingerprint: oicjii3vGpG9HeO1mBneqsR3jfI

These were all supposed to be the same fingerprint.

In the first email (the example sent by me) this would get delivered because the fingerprint matched the headers (including date) and wasn't expired.

In the second two (the replay attacks) the first replay would fail because the date was tampered with and the fingerprints wouldn't match. The second replay would fail because after verifying that the date wasn't tampered with, it would apply an expiration to that fingerprint. Basically it says, "Ok. I think that this was an email sent by me on Jan 1, 2003, because the fingerprint matched. But today is Feb 14, 2003. This delivery is *waaay* too late. I think this might be a replay attack, and I'll expire it. But I better tell someone that the fingerprint matched, just that it expired. Maybe they'll want to do something different with that information than they would if the fingerprint didn't match".

Does this address the weakness that you'd brought up? Does it introduce any new weaknesses?

If this is ok, what do you think a reasonable expiration time should be? I thought defaulting to 1 day because I'm only imagining using this to send myself email, and it seems like that should be more than enough time. As for me, I would probably override the default and use something like 10 minutes.

Cheers,
- Mark

_________________________________________________
tmda-workers mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-workers
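
The three outcomes described in the message above (match, mismatch, matched but expired), as an added example that is not part of the original post and is not TMDA's own code. It assumes a base64 HMAC-SHA1 over From, To, Date and Message-ID; the key, the signed header list and the sample message are constructed for illustration.

```python
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

KEY = b"constructed-demo-key"                  # assumption: secret known only to the sender
SIGNED = ("From", "To", "Date", "Message-ID")  # assumption: headers covered by the MAC
MAX_AGE = timedelta(days=1)                    # the default proposed in the message

def fingerprint(msg):
    """Base64 HMAC-SHA1 over the signed header values, Date included."""
    mac = hmac.new(KEY, digestmod=hashlib.sha1)
    for name in SIGNED:
        mac.update((msg.get(name, "") + "\n").encode())
    return base64.b64encode(mac.digest()).decode().rstrip("=")

def check(raw, now, max_age=MAX_AGE):
    """Return 'ok', 'mismatch', or 'expired' (matched, but delivered too late)."""
    msg = message_from_string(raw)
    claimed = msg.get("X-TMDA-Fingerprint", "")
    if not hmac.compare_digest(claimed.encode(), fingerprint(msg).encode()):
        return "mismatch"
    # The Date header can be trusted only now that the MAC covering it verified.
    try:
        age = now - parsedate_to_datetime(msg["Date"])
    except (TypeError, ValueError):
        return "expired"  # fail closed: no usable Date to age-check
    return "expired" if age > max_age else "ok"

def build(date):
    """Constructed sample message, signed for the given Date header."""
    raw = ("From: mark@example.org\nTo: mark@example.org\n"
           f"Date: {date}\nMessage-ID: <1@example.org>\n")
    fp = fingerprint(message_from_string(raw + "\nbody\n"))
    return raw + f"X-TMDA-Fingerprint: {fp}\n\nbody\n"

if __name__ == "__main__":
    original = build("Wed, 01 Jan 2003 09:00:00 -0500")
    jan1 = datetime(2003, 1, 1, 15, 0, tzinfo=timezone.utc)
    feb14 = datetime(2003, 2, 14, 13, 18, tzinfo=timezone.utc)
    print(check(original, jan1))                                          # prompt delivery
    print(check(original.replace("01 Jan 2003", "14 Feb 2003"), feb14))   # Date rewritten
    print(check(original, feb14))                                         # replayed unchanged
```

Returning "expired" separately from "mismatch" keeps the distinction the message asks for, so the caller can treat a valid-but-late fingerprint differently from a forged one.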
