From: Charles Lindsey (chl@clw.cs.man.ac.uk)
Date: Tue Feb 05 2002 - 05:20:22 CST
In <Pine.LNX.4.10.10202041124250.23886-100000@spock.peak.org> John Stanley <stanley@peak.org> writes:
>And, as the draft says:
> Be warned also that some injecting agents that have
> authentication information may choose to replace the From-
> content based upon the authenticated identity.
Actually, the draft does not say that, because we agreed a few weeks back
to change it. It now says:
    Be warned, however, that some injecting agents which are unable
    to detect that the address belongs to the poster may choose to
    insert a Sender header (6.2) or some entry in an Injector-Info
    header (6.19) which discloses some valid address for the poster.
>How you can say this is not modification of headers is beyond any
>comprehension.
With that wording, no headers are modified.
>>Secondly, if the signature says that it includes a list of headers which
>>don't include the (at that point nonexistent) Sender,
>That's not the problem with signing a Sender-containing article, and you
>know it. If the POSTER puts in the Sender header, because he knows what
>data should be there, and signs the message, then an injector replacing
>the Sender header is breaking the signature by inserting a guess.
But the injector is not allowed to change an existing Sender header, so
that situation cannot arise. You are tilting at windmills again.
Just to clarify this, here is the current wording, as agreed a few weeks
back.
    10. The injecting agent MAY add other headers not already provided
        by the poster, but SHOULD NOT alter, delete or reorder any
        headers already present in the article, except that existing
        headers intended for tracing purposes, such as Injector-Info and
        Complaints-To, are to be removed as already mentioned. The
        injecting agent MUST NOT alter the body of the article in any
        way.

        NOTE: Care needs to be exercised, when adding any non-mandatory
        header in this way, to ensure that the intentions of the poster
        are preserved. In particular, the addition of a Sender header
        would have privacy implications over and above those set out in
        6.19.1 regarding the Injector-Info header.
>If a FORGER inserts a Sender header and signs the article with a bogus
>key, and the injector replaces the Sender with authenticated data, then
>the signature is broken.
As it jolly well should be.
>One case is the real signature failing, the other the forger's. How do you
>tell them apart?
You don't, because your first case cannot arise.
The only case that can arise is where a poster includes NO Sender header,
signs it saying that 'Sender' is included in the sig (which is a stupid
thing to do), and the Injector then adds a Sender.
But this has all been explained to you before. Why do you keep raising it?
-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl@clw.cs.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
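
The cases argued in the message above, as an added example that is not part of the original message or of the draft: a sketch of an injecting agent that follows item 10, with an HMAC standing in for the poster's PGP signature. The function names, key, addresses and the rule that a listed-but-absent header is signed as an empty value are assumptions made for illustration.

```python
import hashlib
import hmac

# Tracing headers that item 10 says the injecting agent removes.
TRACE_HEADERS = {"injector-info", "complaints-to"}

def sign(headers, body, signed_names, key):
    """Toy signature (assumption): HMAC over the listed headers and the body.
    A header that is listed but absent is signed as an empty value."""
    present = {name.lower(): value for name, value in headers}
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for name in signed_names:
        mac.update(f"{name.lower()}:{present.get(name.lower(), '')}\n".encode())
    mac.update(body.encode())
    return mac.hexdigest()

def verify(headers, body, signed_names, key, sig):
    return hmac.compare_digest(sign(headers, body, signed_names, key), sig)

def inject(headers, body, authenticated_addr):
    """Item 10: drop stale tracing headers, keep the poster's headers
    unaltered and in order, add Sender only when none is present."""
    out = [(n, v) for n, v in headers if n.lower() not in TRACE_HEADERS]
    if not any(n.lower() == "sender" for n, _ in out):
        out.append(("Sender", authenticated_addr))
    return out, body  # the body MUST NOT be altered

def demo():
    """Sign, inject, then verify for each case discussed in the thread."""
    key = b"constructed-demo-key"            # constructed sample value
    body = "Hello, world.\n"
    frm = ("From", "poster@example.org")     # constructed addresses
    cases = {
        "poster_supplied_sender": ([frm, ("Sender", "me@example.org")], ["From", "Sender"]),
        "no_sender_not_listed": ([frm], ["From"]),
        "no_sender_but_listed": ([frm], ["From", "Sender"]),
    }
    results = {}
    for label, (headers, signed_names) in cases.items():
        sig = sign(headers, body, signed_names, key)
        new_headers, new_body = inject(headers, body, "auth@example.net")
        results[label] = verify(new_headers, new_body, signed_names, key, sig)
    return results

if __name__ == "__main__":
    for label, ok in demo().items():
        print(f"{label}: signature {'verifies' if ok else 'BROKEN'}")
```

Only the third case fails verification after injection, which is the one case the message says can arise.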