Re: why bodyhash if just an authentication mechanism

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Sun, 18 Dec 2011 23:08:15 -0800 (PST)

On Sun, 18 Dec 2011, Ramprasad wrote:
> If the body hash did not verify then the content has been tampered with.

The perceived tampering can happen at the signing MTA because of
misconfiguration or peculiarities of the MTA, not because of malicious
action. So if you allow a failed signature to colour your view of the
received message, you can get a lot of false results.

The only useful case is a signature that verified.

-MSK
Received on Mon Dec 19 2011 - 07:08:29 PST
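
An added illustration of the point made in the message above, not part of the original post or of any DKIM implementation: it computes the DKIM body hash under the two RFC 6376 body canonicalizations and shows which harmless rewrites by a mail server change it. Only the bh= comparison is modelled, and the function names and sample bodies are constructed for this example.

```python
import base64
import hashlib
import re

def canon_simple(body: bytes) -> bytes:
    """RFC 6376 'simple' body canonicalization: only trailing empty lines are ignored."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 'relaxed': also collapse runs of WSP and drop WSP at end of line."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

CANON = {"simple": canon_simple, "relaxed": canon_relaxed}

def body_hash(body: bytes, canon: str) -> str:
    """Value a signer would place in bh= when the hash algorithm is SHA-256."""
    return base64.b64encode(hashlib.sha256(CANON[canon](body)).digest()).decode()

def bodyhash_result(bh_signed: str, received: bytes, canon: str) -> str:
    """A match is the only informative outcome; a mismatch is reported as
    'none' (same as unsigned), not as evidence of tampering."""
    return "pass" if body_hash(received, canon) == bh_signed else "none"

# Constructed sample bodies: the body as signed, then benign rewrites of it.
SIGNED = b"Hello,\r\nthe quarterly report is attached.\r\n"
VARIANTS = {
    "unchanged": SIGNED,
    "extra blank lines": SIGNED + b"\r\n\r\n",
    "trailing space": b"Hello, \r\nthe quarterly report is attached.\r\n",
    "line re-wrapped": b"Hello,\r\nthe quarterly report\r\nis attached.\r\n",
}

def survey() -> dict:
    """Map (canonicalization, variant name) to the body-hash result."""
    out = {}
    for canon in CANON:
        bh = body_hash(SIGNED, canon)
        for name, body in VARIANTS.items():
            out[(canon, name)] = bodyhash_result(bh, body, canon)
    return out

if __name__ == "__main__":
    for key, result in survey().items():
        print(key, result)
```

None of the variants changes what the recipient reads, yet re-wrapping a line breaks the hash under both canonicalizations and a single trailing space breaks it under "simple".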
