[ietf-dkim] chained signatures, was l= summary
Charles Lindsey
chl at clerew.man.ac.uk
Mon Jun 1 03:14:59 PDT 2009
On Fri, 29 May 2009 22:22:11 +0100, John R. Levine <johnl at iecc.com> wrote:
> I would really like to remove l= from DKIM to make it clear that it is
> not
> a good idea to even try to guess the history of a message based on
> signatures that don't verify and cover the whole messag.
Speak for yourself.
I see a message with a broken, but otherwise plausible, signature, and
that seems on the face of it a genuine message that I might very well care
about, then I might well start to play around to see if some small munge
of the message might have caused the broken signature. I have often done
this in the case of seemingly broken Usenet control messages.
Just because a feature is likely to be used only rarely, and then only by
people who have a good understanding of the protocol, is no reason to
remove that possibility entirely from those people. That is just called
"dumbing down", and "dumbing down" is a dumb idea.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-dkim
mailing list