[ietf-dkim] detecting header mutations after signing
ietf-dkim at kitterman.com
Wed Oct 13 19:56:51 PDT 2010
On Wednesday, October 13, 2010 03:59:27 pm Jeff Macdonald wrote:
> On Wed, Oct 13, 2010 at 2:47 PM, Scott Kitterman
> <ietf-dkim at kitterman.com> wrote:
> > On Wednesday, October 13, 2010 02:27:29 pm Jeff Macdonald wrote:
> >> And even if there was a DKIM signature, it is the BAD GUY'S signature,
> >> which should cause it to go into the SPAM folder, with a large
> >> phishing warning.
> > No. That misses the point entirely. The problem here is that one can
> > take a DKIM signed message that is signed by any entity and add
> > additional From/Subjects and the message may still appear to be the one
> > signed by the original entity even though it's been modified
> > post-signature.
> Right. I had understood that and then forgot.
> If DKIM is just viewed as providing an identifier and nothing more,
> then this is a MUA problem.
> If DKIM is viewed as providing more than an identifier, then this is a
> DKIM problem.
The identifier only makes sense within a context. For DKIM that context is the
signed content. For the identifier to be meaningful, it has to be connected to
the actual content of the message; if not, the identifier could be arbitrarily
reused and would serve little purpose.
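An added example, not part of the original message or of any DKIM implementation: a receiver-side check for the mutation discussed in this thread. It compares how many times each displayed header occurs in a message with how many times the signature's h= tag lists it. The header list in `DISPLAYED`, the function names and the sample messages are assumptions constructed for illustration, and the check does not verify the signature itself.

```python
import re
from collections import Counter
from email import message_from_string

# Headers a mail client typically shows the user (assumed list for this example).
DISPLAYED = ("from", "subject", "to", "date")

def parse_tags(dkim_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in dkim_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def unsigned_instances(raw_message):
    """For each DKIM-Signature, return (d= domain, {header: count}) listing
    displayed headers that occur more often in the message than in h=.
    Those extra instances are not covered by that signature's hash."""
    msg = message_from_string(raw_message)
    present = Counter(name.lower() for name in msg.keys())
    report = []
    for sig in msg.get_all("DKIM-Signature") or []:
        tags = parse_tags(sig)
        signed = Counter(h.lower() for h in tags.get("h", "").split(":") if h)
        extra = {n: present[n] - signed[n] for n in DISPLAYED
                 if present[n] > signed[n]}
        report.append((tags.get("d", ""), extra))
    return report

# Constructed sample messages; bh= and b= are placeholders, not real values.
SIG = ("DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\n"
       " h=from:subject:to:date; bh=PLACEHOLDER; b=PLACEHOLDER\n")
HEADERS = ("From: Alice <alice@example.com>\nSubject: Invoice\n"
           "To: bob@example.net\nDate: Wed, 13 Oct 2010 12:00:00 -0700\n")
ORIGINAL = SIG + HEADERS + "\nhello\n"
# Same message with a second From and Subject added after signing.
MUTATED = ("From: Someone Else <other@example.org>\nSubject: Changed\n"
           + ORIGINAL)
# A signer that lists from/subject one extra time in h= ("oversigning").
OVERSIGNED = (SIG.replace("h=from:subject", "h=from:from:subject:subject")
              + HEADERS + "\nhello\n")

if __name__ == "__main__":
    for label, raw in (("original", ORIGINAL), ("mutated", MUTATED),
                       ("oversigned", OVERSIGNED)):
        print(label, unsigned_instances(raw))
```

An empty result means every instance of the displayed headers is bound to the signature. When the signer lists a header one more time than it occurs, as in the oversigned sample, adding another instance later changes the signed data and verification fails.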