[ietf-dkim] layer violations, was detecting header mutations after signing
John R. Levine
johnl at iecc.com
Thu Oct 14 07:58:35 PDT 2010
> Perhaps surprisingly, having redundant header fields does not make DKIM
> break.

We must have some vastly different definition of "break".

If allowing through modified messages that render very differently isn't
broken, shouldn't we remove the advice against signing with l=0? The
advice in favor of signing Subject: and To: fields? None of those has any
technical effect on the ability of a verifier to compute and compare
hashes.

If not, what's the difference, other than the fact that we thought of some
of them several years ago and just noticed these last week?

Regards,
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
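
The redundant-header case discussed in this message, as an added example that is not part of the original post or of any DKIM implementation: a receiver-side check that lists header instances the signature's h= tag does not cover, using DKIM's bottom-up selection of repeated fields. The function names, addresses and sample message are constructed for illustration, and no hashes are computed.

```python
from email import message_from_string

def parse_h_tag(dkim_value):
    """Lower-cased field names from the h= tag of a DKIM-Signature value."""
    tags = {}
    for part in dkim_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value
    return [name.strip().lower() for name in tags["h"].split(":")]

def signature_coverage(raw_message):
    """Return (unsigned, oversigned) for the message's first DKIM-Signature.

    unsigned:   (index, name) of instances of a signed field name that the
                signature does not hash, so they can be added without
                changing the result of verification.
    oversigned: names listed in h= more often than they occur; adding such
                a field after signing changes the hash input.
    """
    msg = message_from_string(raw_message)
    fields = [name.lower() for name, _ in msg.items()]  # top-to-bottom order
    h_names = parse_h_tag(msg["DKIM-Signature"])
    covered, oversigned = set(), set()
    for name in h_names:
        # Each h= entry consumes the lowest instance not already consumed.
        idx = next((i for i in reversed(range(len(fields)))
                    if fields[i] == name and i not in covered), None)
        if idx is None:
            oversigned.add(name)
        else:
            covered.add(idx)
    unsigned = [(i, n) for i, n in enumerate(fields)
                if n in h_names and i not in covered]
    return unsigned, oversigned

def sample_message(h_tag, extra_subject=False):
    """Constructed sample; bh= and b= are placeholders, not real values."""
    lines = ["DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;"
             " h=" + h_tag + "; bh=PLACEHOLDER; b=PLACEHOLDER"]
    if extra_subject:
        lines.append("Subject: something else")  # field added after signing
    lines += ["From: alice@example.com", "To: bob@example.net",
              "Subject: quarterly report", "", "body"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(signature_coverage(sample_message("from:to:subject", True)))
    print(signature_coverage(sample_message("from:to:subject:subject", True)))
```

With h=from:to:subject the added Subject: field at index 1 is reported as unsigned; with subject listed twice in h= the same field is pulled into the hash input, so the original signature would no longer verify.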