Re: States and the 8 bit dilemma

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Previous message: Dave Crocker: "Re: States and the 8 bit dilemma"
• In reply to: Dave Crocker: "Re: States and the 8 bit dilemma"

On Mar 5,  2:42pm, Dave Crocker wrote:
} Subject: Re: States and the 8 bit dilemma
}
} At 11:57 AM 2/29/96, Barton E. Schaefer wrote:
} >then you have message security.  However, I'm still struggling to find
} >an example where any undetected change to the headers would be damaging
} >rather than simply annoying.
} 
} 	In the right contexts, things which we would otherwise think of as
} annoying are, in fact, damaging.  A 5 minute delay of an airport bus is
} annoying.  If it makes you miss your flight it's damaging.  Changing
} headers will destroy automated processing.

Right, but how is this qualitatively different from destroying the message
entirely?  If you can intercept and replace the header, you can intercept
and either replace the whole thing with complete garbage or simply prevent
delivery altogether.

Short of hiding the header inside an encryption -- which I assert takes
you out of the realm of "message security" and into the realm of "object
security on message objects" -- what value is there in cryptographic
authentication of headers?

(I'm assuming that you can't do this to headers that transport agents
are permitted to rewrite, such as From: and To:, so non-repudiation of
either party isn't a viable answer.)

-- 
Bart Schaefer                     Vice President, Technology, Z-Code Software
schaefer@z-code.com                  Division of NCD Software Corporation
http://www.well.com/www/barts

• Previous message: Dave Crocker: "Re: States and the 8 bit dilemma"
• In reply to: Dave Crocker: "Re: States and the 8 bit dilemma"