[ietf-dkim] MLMs and the use of multipart/alternative to preserve original DKIM signature and at the same time add a new DKIM signature
Michael Thomas
mike at mtcc.com
Tue Aug 3 09:53:32 PDT 2010
On 08/03/2010 09:40 AM, Murray S. Kucherawy wrote:
>> -----Original Message-----
>> From: Michael Thomas [mailto:mike at mtcc.com]
>> Sent: Tuesday, August 03, 2010 9:21 AM
>> To: Murray S. Kucherawy
>> Cc: Rolf E. Sonneveld; ietf-dkim at mipassoc.org
>> Subject: Re: [ietf-dkim] MLMs and the use of multipart/alternative to
>> preserve original DKIM signature and at the same time add a new DKIM
>> signature
>>
>>> But didn't we also say that such reverified signatures don't get any
>>> additional meaning with 'z=' reprocessing?
>>
>> Sorry, I don't understand.
>
> I guess I don't either. You're saying use of "l=" and "z=" got your mail-through-lists signature verification statistics up to 95%. However, RFC4871 says "Copied header field values are for diagnostic use" which I interpret to mean (and I think discussion on the list back then also agreed) that the information in a "z=" tag isn't supposed to contribute to the canonicalization algorithms, but instead can only be used for diagnostic purposes (i.e., "This signature failed, and via the 'z=' we know why... but it still failed.").
Yeah, well, sue me for flipping that MUST NOT the bird. It works, z= is signed
by the originator, and it's probably as high a recovery rate as you'll ever
get going through mailing lists. We weren't proposing that it be part of any
standard, and our reasons had nothing to do with ADSP either. All I'm saying is
that if you want mailing list signature recovery, we've already done that and
wrung out about as much as can be hoped for.

As I asked earlier, what is the purpose of this anyway? We were doing it to
deal with spear-phishing attacks. Maybe I've missed the motivation for the
MIME thingy.
Mike