
Re: [Asrg] 6. Proposals - Challenge/response - CRI



On Wed, 2003-08-20 at 12:42, Deven T. Corzine wrote:

> > > > I think the only really significant semantic suggestion I'm making
> > > > is that a hash of the body of a message should be included to
> > > > prevent forgeries of level-two systems.
> > 
> > That has been mentioned before and is a pretty good idea. It also 
> > alleviates some privacy concerns since the originating MTA/MUA does not 
> > have to store copies of messages, but can store MD5 hashes instead.
> 
> Using a hash is an obvious thing to do, but it begs the question of exactly
> what you're hashing.  You can't safely hash the entire message because the
> headers change on every hop, at least for Received: lines.  Other headers
> might be mangled or normalized as well.  You can ignore the header, but it
> would be good to validate parts of it.  Even if you just hash the body, you
> have to be concerned about the message being mangled by intermediate MTAs.


I imagine one would hash all the MIME parts together.  Or do whatever
GPG does with a MIME message.  This bit has been solved; there is only
to select an approach and approve it.



-- 
David Nicol / If at first you don't succeed, use a bigger hammer. 
                                        http://gallaghersmash.com


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
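
The concerns raised in this message (Received: lines added on every hop, bodies re-encoded by intermediate MTAs, hashing all the MIME parts together) can be shown with a short added example; it is not code from the thread or from any ASRG proposal. It assumes SHA-256 in place of the MD5 mentioned above, the canonicalization rules are this example's own assumptions (not what GPG does), and the sample messages are constructed.

```python
import hashlib
from email import message_from_bytes

def body_digest(raw: bytes) -> str:
    """Digest over the decoded leaf MIME parts only; message headers are ignored."""
    h = hashlib.sha256()
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue  # containers only carry boundaries, which relays may rewrite
        data = part.get_payload(decode=True) or b""  # undo base64 / quoted-printable
        if part.get_content_maintype() == "text":
            # Assumed canonical form: LF line ends, no trailing blanks, one final newline.
            lines = [l.rstrip(b" \t\r") for l in data.split(b"\n")]
            while lines and not lines[-1]:
                lines.pop()
            data = b"\n".join(lines) + b"\n"
        # Bind content type and length to each part so parts cannot be re-split unnoticed.
        h.update(part.get_content_type().encode() + b"\0")
        h.update(str(len(data)).encode() + b"\0" + data)
    return h.hexdigest()

def build(eol, boundary, cte, text, received=b""):
    """Constructed two-part sample message (text plus a small base64 attachment)."""
    lines = [b"From: alice@example.org", b"MIME-Version: 1.0",
             b'Content-Type: multipart/mixed; boundary="' + boundary + b'"', b"",
             b"--" + boundary, b"Content-Type: text/plain; charset=utf-8",
             b"Content-Transfer-Encoding: " + cte, b"", text,
             b"--" + boundary, b"Content-Type: application/octet-stream",
             b"Content-Transfer-Encoding: base64", b"", b"AAECAwQ=",
             b"--" + boundary + b"--", b""]
    return received + eol.join(lines)

# As sent: CRLF line ends, 8bit text with trailing blanks.
ORIGINAL = build(b"\r\n", b"b1", b"8bit", b"Caf\xc3\xa9 at noon?  ")
# After a relay: extra Received: line, LF line ends, new boundary, text re-encoded.
RELAYED = build(b"\n", b"b2", b"quoted-printable", b"Caf=C3=A9 at noon?",
                received=b"Received: from mx1.example.org by mx2.example.net\n")
# Same envelope as ORIGINAL, different body text.
TAMPERED = build(b"\r\n", b"b1", b"8bit", b"Caf\xc3\xa9 at one?")

if __name__ == "__main__":
    for name, raw in (("original", ORIGINAL), ("relayed", RELAYED), ("tampered", TAMPERED)):
        print(f"{name:9s} {body_digest(raw)}")
```

The original and relayed copies produce the same digest while the tampered copy does not; validating selected headers, which the quoted text also asks for, is outside what this digest covers.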