[ietf-dkim] detecting header mutations after signing
hsantos at isdg.net
Fri Oct 8 07:50:04 PDT 2010
Michael Thomas wrote:
> On 10/07/2010 05:01 PM, John R. Levine wrote:
>> Nobody has signed a non-compliant message, so while there is nothing wrong
>> with Mike's advice, it completely misses the point.
> You're right, it does miss the point. What I'm trying to get my
> head around is whether this is a real problem in the real world.
Not yet, but this has a higher risk of occurrence in the future than
let's say, SHA1 exploits which required us to incorporate SHA256 into
the options mix.
More information about the ietf-dkim