[ietf-dkim] Ticket 23 -- l= and Content-type
dhc at dcrocker.net
Fri Apr 29 10:56:03 PDT 2011
Two quick reactions about the first part of the ticket:

1. This is just a variant of the basic hole created by use of l=

2. The premise that having the l= go to a multipart boundary somehow
increases security is simply wrong. More generally, the idea that one or
another tidbit might tighten things a bit, l= opens such a huge door, the small
tidbits don't matter.

As for the second part, with or without Content-Type, messing with the message
in any interesting way will break the signature.
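
Added example, not part of the original message: a receiver-side audit showing how the DKIM body hash (bh=) behaves with and without l=, and how many body octets a signature leaves uncovered. It assumes "simple" body canonicalization and SHA-256, does not verify b=, and all function names and sample bodies are constructed for illustration.

```python
import base64
import hashlib

def canon_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: drop trailing empty lines, end with one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def parse_tags(sig_value: str) -> dict:
    """Split a DKIM-Signature tag list ('k=v; k=v') into a dict."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = "".join(value.split())
    return tags

def body_hash(body: bytes, length=None) -> str:
    """bh= value: SHA-256 over the canonical body, truncated to l= octets if given."""
    data = canon_simple(body)
    if length is not None:
        data = data[:length]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def audit(sig_value: str, body: bytes) -> dict:
    """Report whether bh= matches and how many body octets the hash does not cover."""
    tags = parse_tags(sig_value)
    canon = canon_simple(body)
    length = int(tags["l"]) if "l" in tags else None
    covered = len(canon) if length is None else min(length, len(canon))
    return {"bh_ok": body_hash(body, length) == tags.get("bh"),
            "unsigned_octets": len(canon) - covered}

def constructed_sig(body: bytes, use_l: bool) -> str:
    """Build a sample tag list (b= omitted: only the body hash is examined here)."""
    length = len(canon_simple(body)) if use_l else None
    l_tag = f" l={length};" if use_l else ""
    return f"v=1; a=rsa-sha256; c=simple/simple;{l_tag} bh={body_hash(body, length)}"

# Constructed sample bodies: RECEIVED is SIGNED plus text added after signing.
SIGNED = b"Meeting moved to 3pm.\r\n"
RECEIVED = SIGNED + b"Unsigned trailing text.\r\n"

if __name__ == "__main__":
    for use_l in (True, False):
        sig = constructed_sig(SIGNED, use_l)
        print("l= present:", use_l, audit(sig, SIGNED), audit(sig, RECEIVED))
```

A nonzero `unsigned_octets` alongside a matching body hash is the condition a receiver can flag or treat as unsigned content.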