innd and rejects of dates
Russ Allbery
rra at stanford.edu
Mon Sep 27 20:38:18 UTC 2010
Thomas Hochstein <inn-workers at ml.th-h.de> writes:
> Russ Allbery wrote:
>> But I agree that the real fix is to sign Injection-Date as well.
> That wouldn't help against replaying of old control messages, as far
> as I see, as there wasn't anything like Injection-Date when they were
> sent.
You eventually have to require that Injection-Date is covered by the
signature in the processing software for the fix to be complete. (The
pgpcontrol signing algorithm allows the signature to assert the absence of
a header.)
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
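
The requirement described in the message above, sketched as an added example that is not part of the original post and is not INN or pgpverify code. It assumes the X-PGP-Sig value is laid out as version, comma-separated signed header list, then signature data, and that the signed text repeats each listed header with an empty value when it is missing; all function names are hypothetical and no PGP verification is performed.

```python
# Added illustration; not INN or pgpverify code. The header layout is assumed.
REQUIRED = "injection-date"

def signed_names(headers):
    """Return the header names listed in X-PGP-Sig, or [] if unusable."""
    sig = next((v for k, v in headers.items() if k.lower() == "x-pgp-sig"), "")
    parts = sig.split(None, 2)   # version, header list, signature data
    return parts[1].split(",") if len(parts) == 3 else []

def signed_text(headers, body):
    """Rebuild the text the signature covers (assumed layout).

    A listed header that is missing from the message contributes an empty
    value: that is how a signature can assert the header was absent.
    """
    names = signed_names(headers)
    lookup = {k.lower(): v for k, v in headers.items()}
    lines = ["X-Signed-Headers: " + ",".join(names)]
    lines += [f"{n}: {lookup.get(n.lower(), '')}" for n in names]
    return "\n".join(lines) + "\n\n" + body

def covers_injection_date(headers):
    """Policy: accept only if Injection-Date is in the signed header list."""
    return REQUIRED in (n.lower() for n in signed_names(headers))

# Constructed samples (placeholder signature data, no real key or group).
BODY = "constructed body\n"
OLD = {  # signed before Injection-Date existed; header added afterwards
    "Control": "newgroup example.test",
    "Date": "Mon, 01 Jan 2001 00:00:00 +0000",
    "Injection-Date": "Mon, 27 Sep 2010 20:00:00 +0000",
    "X-PGP-Sig": "2.6.3a Control,Date PLACEHOLDERSIG",
}
NEW = dict(OLD, **{"X-PGP-Sig": "2.6.3a Control,Date,Injection-Date PLACEHOLDERSIG"})
ABSENT = {k: v for k, v in NEW.items() if k != "Injection-Date"}

if __name__ == "__main__":
    for name, msg in (("OLD", OLD), ("NEW", NEW), ("ABSENT", ABSENT)):
        print(name, "covered" if covers_injection_date(msg) else "reject")
```

The OLD sample is refused because its Injection-Date sits outside the signed header list, while ABSENT passes the coverage check and its signed text carries an empty Injection-Date line.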