Educause Security Discussion mailing list archives

Re: New SANS Discount Programs to Educational Centers


From: "H. Morrow Long" <morrow.long () YALE EDU>
Date: Mon, 1 Dec 2003 16:45:36 -0500

On Dec 1, 2003, at 10:10 AM, David Escalante wrote:
Just thought I'd mention that Mozilla 1.5 reports your X.509 signature
as "broken" for this message.  It notes that the signature does not
match the message content correctly, and that the message appears to
have been altered since sending.  This is conceivable if some
majordomo-ish software munged the headers or something, but if that's
what happened, then there's no point in signing messages to lists.
Interesting.  Have you run into this before?
--
David Escalante
Director of Computer Security
Boston College

David --  The mailing list software which EDUCAUSE is using is
       modifying the message sent to some degree -- and actually
       any small amount of modification at all will throw off the crypto
       'signing' of the MIME parts. I've checked the 'sent' message in
       my 'out box' and the signature on it is fine and can be verified.

       Yes, I've run into List s/w modifying e-mail messages before
       (e.g. by appending lines to the posted messages) then breaking
       the digital signatures (you can get around this by only tacking on
       info as part of the RFC822 headers which should be 'outside' the
       digital signature for the message).

The major change that the list s/w is making inside the MIME message
parts is inserting a tagline for the Educause discussion groups -- e.g.
the two lines:

**********\$
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

But the list software is also reformatting "whitespace" in the message
as well (changing leading tabs to spaces and removing trailing spaces).

Here is a 'diff' between the message I sent and what I received from
the list (the RFC822 headers have been removed as well as the trailing
S/MIME sig) to demonstrate:

[net248-80:/tmp] morrow% diff one two | vis -l
3c3\$
<       boundary=Apple-Mail-1--870838275\$
---\$
>         boundary=Apple-Mail-1--870838275\$
9,10c9,10\$
<       charset=US-ASCII;\$
<       format=flowed\$
---\$
>         charset=US-ASCII;\$
>         format=flowed\$
12c12\$
< I received the following targeted e-mail from SANS (Note: I have no \$
---\$
> I received the following targeted e-mail from SANS (Note: I have no\$
14c14\$
< I know that many of us in higher ed participate in SANS training as \$
---\$
> I know that many of us in higher ed participate in SANS training as\$
17c17\$
< SANS is offering two new discounted packages specifically to .edu \$
---\$
> SANS is offering two new discounted packages specifically to .edu\$
23c23\$
< 2. General end-user online SANS Security Awareness Training @ $1 per
\$
---\$
> 2. General end-user online SANS Security Awareness Training @ $1 per\$
26c26\$
< H. Morrow Long, Director - Information Security Office, ITS, Yale \$
---\$
> H. Morrow Long, Director - Information Security Office, ITS, Yale\$
83a84,86\$
> **********\$
> Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.\$
> \$
87c90\$
<       charset=US-ASCII\$
---\$
>         charset=US-ASCII\$
204c207\$
< Brian Correia \$
---\$
> Brian Correia\$
208c211\$
< SANS Institute \$
---\$
> SANS Institute\$
210c213\$
< www.sans.org / brian () sans org \$
---\$
> www.sans.org / brian () sans org\$
[net248-80:/tmp] morrow%

- H. Morrow Long
  Director - Information Security
  Yale University, ITS

**********
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.

Attachment: smime.p7s
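
Added example (not part of the original message or of the list software): a Python model of why each body change described in the reply invalidates the signature, while information added only as an outer RFC822 header does not. The sample message, the use of SHA-256 as the digest, and the X-List-Info header name are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample: outer RFC822 headers, and the MIME part that gets signed.
OUTER_HEADERS = "From: sender@example.edu\nSubject: signed post\n"
SIGNED_PART = (
    "Content-Type: text/plain;\n"
    "\tcharset=US-ASCII;\n"
    "\tformat=flowed\n"
    "\n"
    "I know that many of us in higher ed participate in training as \n"
    "part of our jobs.\n"
)
TAGLINE = (
    "**********\n"
    "Participation and subscription information for this EDUCAUSE Discussion\n"
    "Group discussion list can be found at http://www.educause.edu/cg/.\n"
)

def digest(part):
    """Hash the signed part after CRLF canonicalization (SHA-256 is assumed)."""
    canonical = "\r\n".join(part.split("\n"))
    return hashlib.sha256(canonical.encode("ascii")).hexdigest()

# The three body changes named in the reply.
def tabs_to_spaces(part):
    return re.sub(r"^\t+", lambda m: " " * 8 * len(m.group()), part, flags=re.M)

def strip_trailing_spaces(part):
    return re.sub(r"[ \t]+$", "", part, flags=re.M)

def append_tagline(part):
    return part + TAGLINE

def add_outer_header(headers):
    # Hypothetical header name; it lives outside the signed MIME part.
    return headers + "X-List-Info: http://www.educause.edu/cg/\n"

def report():
    """Map each list-side change to whether the signed digest still matches."""
    signed = digest(SIGNED_PART)
    results = {
        "leading tabs to spaces": digest(tabs_to_spaces(SIGNED_PART)) == signed,
        "trailing spaces removed": digest(strip_trailing_spaces(SIGNED_PART)) == signed,
        "tagline appended": digest(append_tagline(SIGNED_PART)) == signed,
    }
    # Header-only change: the signed part is untouched, so the digest holds.
    changed = add_outer_header(OUTER_HEADERS) != OUTER_HEADERS
    results["info added as outer header"] = changed and digest(SIGNED_PART) == signed
    return results

if __name__ == "__main__":
    for change, still_valid in report().items():
        print(f"{change}: {'verifies' if still_valid else 'BROKEN'}")
```
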