On Sun, Feb 07, 2010 at 12:44:52PM -0500, erik quanstrom wrote:
> 1. the sender can't control email headers. many
> transfer agents add a random transfer-id which
> would confound this attack.
>
> 2. if the rcpt uses mbox format, the sender can't
> control how your message is fit into venti blocks.
> the sender would need to control the entire
> mail box.

Fine, so he sends the evil document as a MIME attachment and you decode
it into its own file to see what it is, just as fossil takes its nightly
snapshot and flings data off to venti.

> 3. http://en.wikipedia.org/wiki/SHA_hash_functions
> says that there have been no SHA1 collisions found.

Up until relatively recently, that would have been true for MD5 as well.

--nwf;
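The block-alignment point argued in this message, as an added example that is not part of the original thread: a simplified model that cuts data into fixed-size blocks and scores each with SHA-1, showing that block scores of the mbox depend on agent-added headers while the decoded attachment scores the same every time. The 8192-byte block size, the function names and the sample mail are assumptions made for the sketch.

```python
import base64
import hashlib

BLOCK_SIZE = 8192  # assumed block size for this sketch

def block_scores(data, block_size=BLOCK_SIZE):
    """SHA-1 of each fixed-size block, standing in for venti scores."""
    return [hashlib.sha1(data[i:i + block_size]).hexdigest()
            for i in range(0, len(data), block_size)]

def deliver(attachment, transfer_id):
    """Constructed mbox: an older message, then the new one with an agent-added id."""
    older = b"From a@example.org Sun Feb  7 12:00:00 2010\n\nolder mail\n\n"
    headers = (b"From b@example.org Sun Feb  7 12:44:52 2010\n"
               b"Received: id " + transfer_id.encode() + b"\n\n")
    return older + headers + base64.encodebytes(attachment)

def extract(mbox):
    """Decode the last message's base64 body into its own file contents."""
    return base64.decodebytes(mbox.rsplit(b"\n\n", 1)[1])

def shared(a, b):
    """Number of block scores two stored objects have in common."""
    return len(set(a) & set(b))

# Constructed 3-block attachment (deterministic pseudo-random bytes).
ATTACHMENT = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                      for i in range(3 * BLOCK_SIZE // 32))

if __name__ == "__main__":
    m1 = deliver(ATTACHMENT, "abc")          # same attachment,
    m2 = deliver(ATTACHMENT, "abcdef123")    # different transfer ids
    print("mbox vs mbox:", shared(block_scores(m1), block_scores(m2)))
    print("file vs file:", shared(block_scores(extract(m1)),
                                  block_scores(extract(m2))))
```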