[ietf-dkim] chained signatures, was l= summary
mike at mtcc.com
Tue Jun 2 06:24:43 PDT 2009
Wietse Venema wrote:
> Charles Lindsey:
>> On Mon, 01 Jun 2009 15:49:28 +0100, Barry Leiba <barryleiba at computer.org>
>>> I think it's a terrible idea to (1) leave signatures in a message
>>> after you break them, (2) add A-R without removing any already there,
>>> or (3) add A-R without a signature covering it.
A signature covering it? That's quite a new requirement for a-r and
one that nobody that I'm aware is following.
>> And I, on the contrary, believe it is a terrible idea EVER to remove a
>> signature or an A-R header. There is never anything to be gained by
>> throwing away information that someone more perceptive than yourself might
>> find useful.
> Except, of course, when the bad guys use this to have their bogus
> signatures and their bogus A-R headers "laundered" by naive signers.
People who use bogus information to make go/no-go decisions quite
literally get what they deserve. Why single out DKIM?
In any case, removing signatures seriously sucks from a forensics
standpoint. The DKIM rule is that if they're broken, they're equivalent
to not existing. Leaving signatures in hurts *nothing*, and
provides a lot of feedback to the original sender if needed to
diagnose why signatures failed.
This shit happens in the real world. Often.
More information about the ietf-dkim