7.4.1. Modification of Required Message Parameters

7.4.1. Modification of Required Message Parameters

An attacker could effectively deny a service by modifying an otherwise benign signature parameter or signed message component. While rejecting a modified message is the desired behavior, consistently failing signatures could lead to (1) the verifier turning off signature checking in order to make systems work again (see Section 7.1.1) or (2) the application minimizing the requirements related to the signed component.

If such failures are common within an application, the signer and verifier should compare their generated signature bases with each other to determine which part of the message is being modified. If an expected modification is found, the signer and verifier can agree on an alternative set of requirements that will pass. However, the signer and verifier should not remove the requirement to sign the modified component when it is suspected that an attacker is modifying the component.