From: Charles Lindsey (chl@clw.cs.man.ac.uk)
Date: Sat Mar 02 2002 - 11:48:21 CST
I received the following From Dave Del Torto when I mailed him to see
whether the successor to RFC 2015 (which is referenced in our draft) was
out yet (it is, and I shall change the reference).
He raises a point with regard to the Supersedes header. Currently, if it
is signed (by pgpverify/whatever, though that is hardly current practice
yet) and the signature fails to check, our draft says the article SHOULD
be discarded (though it MAY be stored as an ordinary article - naturally
the old article would not then be deleted, of course).
He suggests to promote that SHOULD to MUST. Personally, I see no reason
why the server admin should not have discretion here, so I just pass on
the suggestion for your consideration.
------------- Begin Forwarded Message -------------
Date: Fri, 1 Mar 2002 14:39:35 -0800
To: Charles Lindsey <chl@clw.cs.man.ac.uk>
From: Dave Del Torto <ddt@cryptorights.org>
Subject: There is a "c" in "Security" (was: Re: MIME Security with OpenPGP)
At 7:26 PM +0000 2002-02-28, Charles Lindsey wrote:
>>At 10:15 am +0000 2002-02-28, Charles Lindsey wrote:
>>>The latest I have on this is draft-ietf-openpgp-mime-06.txt. Has
>>>this progressed to a Proposed Standard with an RFC number yet? I
>>>need to know, because we need to refer to this work in the
>>>upcoming USEFOR draft for the Netnews standard.
>>
>>Charles,
>>
>>Yes, see RFC 3156 <http://www.ietf.org/rfc/rfc3156.txt>.
>>
>>I'd be interested in seeing what you're doing with it, if you have
>>a URL for that.
>
>Have a look at draft-ietf-usefor-article-06.txt and grep for
>[RFC 2015bis].
I see. Well, perhaps replacing references to "2015" with "3156" would
be in order.
So, briefly what effect will ~06.txt have on security? IYO, is there
any degradation in the backward compatibility mentioned in your
abstract that will affect security?
IMHO, it seems like it might be an attack point to make discards a
MUST where control cancel messages fail an auth check in the presence
of a Supersedes header. If I understand this, which I may not, and it
become easier for rogue netnews admins to cancel legitimate (e.g.)
"application/remailer-msg" posts from representatives of an
internationally recognized news gathering or humanitarian
organization to post, then this is not a particularly Good Thing.
Just thinking out loud... could the draft we have on parallel
(multiple) 'sigs' (which can be anything really) provide a way of
hosting BOTH fully backward-compatible and 'seemingly' broken
sec/auth checks (so implementations could prefer one over the other
without breaking or discarding)? Could it also store something that
makes an "rnews" attack more difficult?
<http://www.ietf.org/proceedings/01mar/I-D/openpgp-multsig-02.txt>
dave
PS: http://deltor.to/keys/ddtrsa#1024
_____________________________________________________________________
Dave Del Torto president/executive director
+1.415.334.5533 #1 CryptoRights Foundation (501c3)
http://cryptorights.org/ddt Securing Human Rights Worldwide
------------- End Forwarded Message -------------
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl@clw.cs.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5