- From: Willy Tarreau <w@1wt.eu>
- Date: Tue, 7 Jun 2022 08:27:16 +0200
- To: Martin Thomson <mt@lowentropy.net>
- Cc: Justin Richer <jricher@mit.edu>, HTTP Working Group <ietf-http-wg@w3.org>
On Tue, Jun 07, 2022 at 08:28:08AM +1000, Martin Thomson wrote: > Hey Justin, > > I don't agree that this is an acceptable way of dealing with this problem. > It makes the content under signature malleable. Even if that is extremely > narrowly applicable, I don't see how we could publish a specification where > the only defense against an attack like this is text to the effect of "this > might happen". Agreed. Signed contents may never be trusted more than the algorithm used to sign them. If you start by not trusting the algorithm, it's not by suggesting to be extra careful with the contents that we can deal with this. And the use of the signature is here precisely to help an implementation know if it may or may not trust the contents, so that would completely defeat the purpose. Willy
Received on Tuesday, 7 June 2022 06:27:36 UTC