[ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs
Charles Lindsey
chl at clerew.man.ac.uk
Mon Oct 4 03:43:10 PDT 2010
On Sun, 03 Oct 2010 07:13:55 +0100, Michael Deutschmann
<michael at talamasca.ocis.net> wrote:
> And there's the rub. The problem is that a major threat we anticipate,
> is that should a means be added to append a footer without breaking the
> signature, bad guys will find short legitimate messages and replay them
> with a footer containing spam.
I would suppose that an added footer will usually take the form of an
extra part with Disposition: inline in a multipart/mixed. Insofar as this
is not the current convention it ought to be (if only so that users can
filter out those annoying footers).
In that case, the clean solution, in lieu of the little-used 'l=...',
would be to have some mechanism for speciffying exactly which
parts/atachments of a messsage had been included in the signature.
Whether it is now too late to add such a fundamental enhancement to DKIM
is an interesting question, even though it might enable various useful
possibilities. But at least it ought to be looked into.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-dkim
mailing list