Educause Security Discussion mailing list archives
Re: New SANS Discount Programs to Educational Centers
From: "H. Morrow Long" <morrow.long () YALE EDU>
Date: Mon, 1 Dec 2003 16:45:36 -0500
On Dec 1, 2003, at 10:10 AM, David Escalante wrote:
Just thought I'd mention that Mozilla 1.5 reports your X.509 signature as "broken" for this message. It notes that the signature does not match the message content correctly, and that the message appears to have been altered since sending. This is conceivable if some majordomo-ish software munged the headers or something, but if that's what happened, then there's no point in signing messages to lists. Interesting. Have you run into this before? -- David Escalante Director of Computer Security Boston College
David --

The mailing list software which EDUCAUSE is using is modifying the message sent to some degree -- and actually any small amount of modification at all will throw off the crypto 'signing' of the MIME parts. I've checked the 'sent' message in my 'out box' and the signature on it is fine and can be verified.

Yes, I've run into List s/w modifying e-mail messages before (e.g. by appending lines to the posted messages) then breaking the digital signatures (you can get around this by only tacking on info as part of the RFC822 headers which should be 'outside' the digital signature for the message).

The major change that the list s/w is making inside the MIME message parts is inserting a tagline for the Educause discussion groups -- e.g. the two lines:

**********\$
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.

But the list software is also reformatting "whitespace" in the message as well (changing leading tabs to spaces and removing trailing spaces).

Here is a 'diff' between the message I sent and what I received from the list (the RFC822 headers have been removed as well as the trailing S/MIME sig) to demonstrate:

[net248-80:/tmp] morrow% diff one two | vis -l
3c3\$
< boundary=Apple-Mail-1--870838275\$
---\$
> boundary=Apple-Mail-1--870838275\$
9,10c9,10\$
< charset=US-ASCII;\$
< format=flowed\$
---\$
> charset=US-ASCII;\$
> format=flowed\$
12c12\$
< I received the following targeted e-mail from SANS (Note: I have no \$
---\$
> I received the following targeted e-mail from SANS (Note: I have no\$
14c14\$
< I know that many of us in higher ed participate in SANS training as \$
---\$
> I know that many of us in higher ed participate in SANS training as\$
17c17\$
< SANS is offering two new discounted packages specifically to .edu \$
---\$
> SANS is offering two new discounted packages specifically to .edu\$
23c23\$
< 2. General end-user online SANS Security Awareness Training @ $1 per \$
---\$
> 2. General end-user online SANS Security Awareness Training @ $1 per\$
26c26\$
< H. Morrow Long, Director - Information Security Office, ITS, Yale \$
---\$
> H. Morrow Long, Director - Information Security Office, ITS, Yale\$
83a84,86\$
> **********\$
> Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.\$
> \$
87c90\$
< charset=US-ASCII\$
---\$
> charset=US-ASCII\$
204c207\$
< Brian Correia \$
---\$
> Brian Correia\$
208c211\$
< SANS Institute \$
---\$
> SANS Institute\$
210c213\$
< www.sans.org / brian () sans org \$
---\$
> www.sans.org / brian () sans org\$
[net248-80:/tmp] morrow%

- H. Morrow Long
Director - Information Security
Yale University, ITS

On Dec 1, 2003, at 10:10 AM, David Escalante wrote:
Just thought I'd mention that Mozilla 1.5 reports your X.509 signature as "broken" for this message. It notes that the signature does not match the message content correctly, and that the message appears to have been altered since sending. This is conceivable if some majordomo-ish software munged the headers or something, but if that's what happened, then there's no point in signing messages to lists. Interesting. Have you run into this before? -- David Escalante Director of Computer Security Boston College ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Attachment:
smime.p7s
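The effect described in this message, as an added example that is not part of the original post: a Python sketch that applies the same three kinds of change (leading tabs to spaces, trailing spaces removed, tagline inserted) to a constructed signed part, classifies them, and shows that the digest a signature would cover no longer matches. The sample text, the `list_rewrite` model, the 8-space tab width and the use of SHA-256 as the digest are assumptions made for illustration.

```python
import difflib
import hashlib
import re

FOOTER = [b"**********",
          b"Participation and subscription information for this EDUCAUSE "
          b"Discussion Group discussion list can be found at http://www.educause.edu/cg/.",
          b""]

# Constructed sample of a signed MIME part (CRLF line endings), not the real message.
SENT = b"\r\n".join([
    b"Content-Type: text/plain;",
    b"\tcharset=US-ASCII;",
    b"\tformat=flowed",
    b"",
    b"Sample body line that wraps with a trailing space ",
    b"and continues here.",
    b""])

def list_rewrite(part: bytes) -> bytes:
    """Hypothetical model of the list software's changes inside the signed part."""
    lines = part.split(b"\r\n")
    body = [re.sub(rb"^\t+", lambda m: b" " * 8 * len(m.group()), l).rstrip(b" \t")
            for l in lines[:-1]]
    return b"\r\n".join(body + FOOTER + lines[-1:])

def digest(part: bytes) -> str:
    # Stand-in for the message digest an S/MIME signature covers (SHA-256 assumed).
    return hashlib.sha256(part).hexdigest()

def classify_changes(sent: bytes, received: bytes) -> dict:
    """Count the kinds of line-level change between the part as sent and as received."""
    a, b = sent.split(b"\r\n"), received.split(b"\r\n")
    counts = {"leading_ws": 0, "trailing_ws": 0, "inserted": 0, "other": 0}
    ops = difflib.SequenceMatcher(None, a, b, autojunk=False).get_opcodes()
    for tag, i1, i2, j1, j2 in ops:
        if tag == "insert":
            counts["inserted"] += j2 - j1
        elif tag == "replace" and i2 - i1 == j2 - j1:
            for old, new in zip(a[i1:i2], b[j1:j2]):
                if old.rstrip(b" \t") == new:
                    counts["trailing_ws"] += 1
                elif old.lstrip(b" \t") == new.lstrip(b" \t"):
                    counts["leading_ws"] += 1
                else:
                    counts["other"] += 1
        elif tag != "equal":
            counts["other"] += max(i2 - i1, j2 - j1)
    return counts
```

Calling `classify_changes(SENT, list_rewrite(SENT))` reports only whitespace edits and inserted lines, yet `digest` differs between the two, which is why the signature is reported as broken.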